VYPR
Moderate severityNVD Advisory· Published May 1, 2015· Updated Jun 17, 2026

CVE-2015-3337

CVE-2015-3337

Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.elasticsearch:elasticsearchMaven
< 1.4.51.4.5
org.elasticsearch:elasticsearchMaven
>= 1.5.0, < 1.5.21.5.2

Affected products

4
  • cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*range: <=1.4.4
    • cpe:2.3:a:elasticsearch:elasticsearch:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.