I am very new to elastic search so my question might sound stupid .
I am working on a project that uses elasticsearch as the database.
I have a search page on our app, when user enters some keyword in the search bar and clicks submit the request is sent to our server, the server code uses the keyword to generates a GET request to the Elasticsearch API.
The data in the database are some articles not anything user specific.
Now the question I have is, can there be a No-SQL injection attack on our API ?
(As far as i have read, the GET API can only be used to retrieve the data)
If there can be a No-SQL injection attack, how to protect it?