- Are any of Elastic's products (Elasticsearch, Kibana, and so on) affected by CVE-2022-22965?
@xxgogogo I believe the only impact would be on Java clients which use Spring Data; I don't see any other vulnerability in the Elastic Stack as such.
Hi, we use Elasticsearch-rest-client, Elasticsearch-rest-high-level-client and Spring Data too. Will ES be affected by Spring4Shell: Spring Framework Remote Code Execution Vulnerability?
Hi, @xxgogogo. So far, the Elastic team has not released notes regarding this vulnerability in their products. However, as a good security practice, it is interesting to mitigate the risk of exploitation of this type of attack by applying the correction patches available in other applications based on the framework, as they can be an attack vector to your environment.
Here are some links with recommendations for mitigating the failure: