VYPR
Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Aug 13, 2024

Kibana arbitrary code execution via prototype pollution

CVE-2024-37287

Description

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.