We have nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE vulnerability for Elasticsearch server (v. 2.4.6) as mentioned in nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE | Tenable® we need to upgrade to 1.20.1 or later.
how would the process for this be? is it possible to only upgrade nginx or is their a need for elasticserach to be upgraded on compatible version as well?
Welcome to our community! 
You can see mitigation options here - Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.