No-SQL injection

I am very new to elastic search so my question might sound stupid .
I am working on a project that uses elasticsearch as the database.
I have a search page on our app, when user enters some keyword in the search bar and clicks submit the request is sent to our server, the server code uses the keyword to generates a GET request to the Elasticsearch API.
The data in the database are some articles not anything user specific.

Now the question I have is, can there be a No-SQL injection attack on our API ?
(As far as i have read, the GET API can only be used to retrieve the data)
If there can be a No-SQL injection attack, how to protect it?

We've made a number of changes to ES to reduce the possibility of this happening, so it's unlikely.

Thank you :slight_smile:

Hi, I had one more query, from which version of ElasticSearch is this fix impelmented?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.