kibana vulnerabilities

Kibana is an open source (Apache Licensed), browser based analytics and search dashboard for Elasticsearch. Kibana is a snap to setup and start using. Kibana strives to be easy to get started with, while also being flexible and powerful, just like Elastic

latest version

5.1.1
first published

7 years ago
latest version published

7 years ago
licenses detected
- Apache-2.0
  >=0
View kibana package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the kibana package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data	>=8.10.0 <8.15.1
C Deserialization of Untrusted Data	>=8.15.0 <8.15.1
H Prototype Pollution	>=7.7.0 <7.17.23 >=8.0.0 <8.14.2
H Denial of Service (DoS)	>=7.0.0 <7.17.23 >=8.0.0 <8.14.0
M Allocation of Resources Without Limits or Throttling	<7.17.22 >=8.0.0-alpha1 <8.14.0
M URL Redirection to Untrusted Site ('Open Redirect')	<7.17.22 >=8.0.0-alpha1 <8.14.0
M Uncontrolled Resource Consumption	>=8.6.3 <8.14.0
M Improper Access Control	>=8.0.0 <8.12.1
H Insertion of Sensitive Information into Log File	>=7.13.0 <7.17.16 >=8.0.0 <8.11.2
H Information Exposure Through Log Files	>=8.0.0 <8.11.1
M Use of Unmaintained Third Party Components	>=7.0.0 <7.13.0
M Arbitrary Code Injection	>=7.10.2 <7.14.0
L Directory Traversal	>=7.9.0 <7.14.1
C Insertion of Sensitive Information into Log File	>=8.10.0 <8.10.1
M Cleartext Transmission of Sensitive Information	>=7.8.0 <7.15.2
H Denial of Service (DoS)	>=7.0.0 <7.17.9 >=8.0.0 <8.6.1
C Arbitrary Code Injection	>=8.7.0 <8.7.1
H Arbitrary Code Injection	>=8.0.0 <8.7.1
M Improper Input Validation	>=7.10.2 <7.14.1
M Open Redirect	<6.8.16 >=7.0.0 <7.13.0
M Prototype Pollution	>=6.7.0 <6.8.9 >=7.0.0 <7.6.3
M Prototype Pollution	<6.8.9 <7.7.0
C Cross-site Scripting (XSS)	<6.8.10 >=7.7.0 <7.7.1
M Information Exposure	>=5.0.0 <5.0.2
M Cross-site Request Forgery (CSRF)	<4.1.3 >=4.2.0 <4.2.1
M Cross-site Scripting (XSS)	>=4.1.0 <4.1.11 >=4.5.0 <4.5.4
M Cross-site Scripting (XSS)	>=4.3.0 <4.6.2
M Open Redirect	<4.6.2 >=5.0.0 <5.0.1
M Arbitrary Command Execution	<5.3.13 >=6.4.0 <6.4.3
M Cross-site Scripting (XSS)	>=5.1.1 <5.6.6 >=6.0.0 <6.1.2
H Denial of Service (DoS)	>=5.0.0 <5.2.1
M Cross-site Scripting (XSS)	<5.4.1
M Cross-site Scripting (XSS)	>=6.1.0 <6.1.3
M Open Redirect	>=5.1.1 <5.6.7 >=6.0.0 <6.1.3
M Cross-site Scripting (XSS)	>=5.1.1 <5.6.7 >=6.0.0 <6.1.3
M Cross-site Scripting (XSS)	<5.6.5 >=6 <6.0.1
M Open Redirect	<5.6.5 >=6 <6.0.1
M Open Redirect	<5.3.1
H Denial of Service (DoS)	<5.2.1
M Cross-site Scripting (XSS)	>=5.3.0 <5.3.3 >=5.4.0 <5.4.1
M Information Exposure	<5.4.3
M Cross-site Scripting (XSS)	<5.6.1
M Cross-site Scripting (XSS)	<5.0.0-alpha5

Package versions

1 - 1 of 1 Results

version	published	direct vulnerabilities
5.1.1	6 Jun, 2017	1 C 2 H 14 M 0 L