{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "8.16.1"
              },
              {
                "fixed": "8.16.4"
              },
              {
                "introduced": "8.17.0"
              },
              {
                "fixed": "8.17.2"
              }
            ]
          },
          "events": [
            {
              "introduced": "c8b46e87c4d61de4fe046ce5ea0a0b68aad5acf9"
            },
            {
              "fixed": "4d74e2c041a2e9b7c6cefe20d106cde5f3d2439c"
            },
            {
              "introduced": "86cbc85e621f4f3f701ed230f4e859ac5a80145b"
            },
            {
              "fixed": "d7985c80643203de533d99844eb1b53cae85f8f9"
            }
          ],
          "repo": "https://github.com/elastic/kibana",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.",
  "id": "CVE-2024-12556",
  "modified": "2026-03-10T21:53:43.311795668Z",
  "published": "2025-04-08T20:15:19.420Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}