{"id":"CVE-2024-12556","details":"Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.","aliases":["BIT-elk-2024-12556","BIT-kibana-2024-12556"],"modified":"2026-04-10T05:08:27.435842Z","published":"2025-04-08T20:15:19.420Z","references":[{"type":"FIX","url":"https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"c8b46e87c4d61de4fe046ce5ea0a0b68aad5acf9"},{"fixed":"4d74e2c041a2e9b7c6cefe20d106cde5f3d2439c"},{"introduced":"86cbc85e621f4f3f701ed230f4e859ac5a80145b"},{"fixed":"d7985c80643203de533d99844eb1b53cae85f8f9"}],"database_specific":{"versions":[{"introduced":"8.16.1"},{"fixed":"8.16.4"},{"introduced":"8.17.0"},{"fixed":"8.17.2"}]}}],"versions":["v8.16.1","v8.16.2","v8.16.3","v8.17.0","v8.17.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12556.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}