
Vulnerabilities from the last week
External Control of File Name or Path
kibana is an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of JSON credentials in the Google Gemini connector configuration. An attacker can access arbitrary files and perform unauthorized network requests by submitting malicious input to the connectors.
Allocation of Resources Without Limits or Throttling
keras is a high-level neural networks API for Python.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in HDF5 dataset metadata validation. An attacker can cause excessive memory consumption and crash the Python interpreter by supplying a crafted .keras archive containing a model.weights.h5 file with a dataset that declares an extremely large shape.
Improper Validation of Syntactic Correctness of Input
Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input due to the improper validation of matrix parameters in URL paths in the JAX-RS routing layer. An attacker can gain access to administrative or sensitive endpoints by crafting requests that mask path segments, potentially bypassing proxy-level path filtering.
Recent vulnerabilities disclosed by Snyk
- M: Stored XSS in net.sourceforge.plantuml:plantuml (maven)
- M: Permissive List of Allowed Inputs in n8n-nodes-base (npm)
- H: Prototype Pollution in pace-js (npm)
- C: Remote Code Execution (RCE) in n8n-workflow (npm)
- C: Remote Code Execution (RCE) in n8n-nodes-base (npm)
Snyk security researchers have disclosed 3457 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




