Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-KIBANA-5497343
- published 5 May 2023
- disclosed 5 May 2023
- credit Unknown
How to fix?
kibana to version 8.7.1 or higher.
kibana is an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
This issue does not affect Kibana instances running on Elastic Cloud as the payload required to trigger this vulnerability cannot be set in Kibana’s configuration.
This issue affects Kibana instances running on Elastic Cloud Enterprise (ECE) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by
seccomp-bpf and AppArmor profiles.
This issue affects Kibana instances running on Elastic Cloud on Kubernetes (ECK) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape can be prevented by
seccomp-bpf when configured and supported (Kubernetes v1.19 and later).