Are any of Elastic's products affected by CVE-2022-22965?




@xxgogogo I believe the only impact would be on Java clients which use Spring Data; I don't see any other vulnerability in the Elastic Stack as such.


Hi, we use Elasticsearch-rest-client, Elasticsearch-rest-high-level-client and Spring Data too. Will ES be affected by Spring4Shell (the Spring Framework Remote Code Execution Vulnerability)?

Hi, @xxgogogo. So far, the Elastic team has not released notes regarding this vulnerability in their products. However, as a good security practice, it is worthwhile to mitigate the risk of exploitation of this type of attack by applying the patches available for other applications based on the framework, as they can be an attack vector into your environment.

Here are some links with recommendations for mitigating the failure:
