Summary:
The bundled versions of node.js in Kibana contain HTTP-related security vulnerabilities. Fixed versions of node.js were recently released.
For the original node.js security announcement, see https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
Fixed versions:
Kibana versions 4.4.1 and 4.3.2 have had their bundled node versions bumped to 0.12.10 from 0.12.9.
Kibana version 4.1.5 has had its bundled node version bumped to 0.10.42 from 0.10.35.
Remediation:
Users should upgrade their Kibana versions to either 4.4.1, 4.3.2, or 4.1.5.