CVE-2024-12556: Prototype Pollution in Kibana

Severity: 9.8 CRITICAL (NVD), 8.7 (CNA)
EPSS: 1.1% (top 21.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 8

Description

Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | elastic/kibana | 8.16.1 | 8.17.1
NVD | elastic/kibana | 8.16.1 | 8.16.4 | +1

Patches

Vulnerability Details (2)

CVEList: Kibana Prototype Pollution can lead to code injection (2025-04-08)
GHSA: GHSA-ww98-mrx2-m82h: Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal (2025-04-08)
CVE-2024-12556 — Prototype Pollution in Elastic Kibana | cvebase