CVE-2024-12556

Source
https://cve.org/CVERecord?id=CVE-2024-12556
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12556.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12556
Aliases
Published
2025-04-08T20:04:22.103Z
Modified
2026-07-15T01:49:13.595258974Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Kibana Prototype Pollution can lead to code injection
Details

Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.

Database specific
{
    "cwe_ids": [
        "CWE-1321"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12556.json",
    "cna_assigner": "elastic"
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.16.1"
        },
        {
            "fixed": "8.16.4"
        },
        {
            "introduced": "8.17.0"
        },
        {
            "fixed": "8.17.2"
        }
    ],
    "source": "CPE_RANGE"
}
Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.16.1"
        },
        {
            "fixed": "8.16.4"
        },
        {
            "introduced": "8.17.0"
        },
        {
            "fixed": "8.17.2"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v8.*
v8.16.1
v8.16.2
v8.16.3
v8.17.0
v8.17.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12556.json"