Hello,
Kibana 8.16.4 and 8.17.2 Security Update (ESA-2025-02) is a security advisory against Prototype Pollution in Kibana, which can lead to code injection via unrestricted file upload combined with path traversal.
I have a question regarding the Solutions and Mitigations section.
It said that to correct this vulnerability, we should upgrade to version 8.16.4 and 8.17.2 or higher.
But 8.16.4 is mentioned in the Affected Versions section.
"Kibana version 8.16.1 up to and including 8.17.1"
@ismisepaul can you please clarify which versions are vulnerable and what is the fix version to remediate this vulnerability?