Blog

You are currently viewing Kibana arbitrary code execution via prototype pollution (ESA-2024-22)

Kibana arbitrary code execution via prototype pollution (ESA-2024-22)

A critical security flaw, CVE-2024-37287, has been identified in Kibana, an open-source data visualization and exploration tool, which could allow attackers to execute arbitrary code via a prototype pollution vulnerability. Ref https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424