Denial of Service (DoS)

Affecting kibana package, versions <5.2.1

high severity

Overview

kibana is an open source, browser-based analytics and search dashboard for Elasticsearch.

Affected versions of this package are vulnerable to Denial of Service (DoS).

In Kibana versions prior to 5.2.1 that are configured for SSL client access, file descriptors fail to be cleaned up after certain requests and accumulate over time until the process crashes.
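Descriptor accumulation of this kind shows up as steady growth in a process's open file count toward its limit. The following is an added monitoring example, not part of the advisory or of Kibana's code: it reads the soft limit and fits a growth rate to periodic counts to estimate when the limit would be reached. It assumes Linux `/proc`; the function names and the sample data are constructed for illustration.

```python
# Added example: forecast file-descriptor exhaustion for a monitored process.
# Assumes Linux /proc; the sample data is constructed, not taken from Kibana.
import os
import re

SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max open files            1024                 4096                 files\n"
)
# (unix_seconds, open_fd_count) readings taken one minute apart (constructed)
SAMPLE_COUNTS = [(0, 100), (60, 160), (120, 220), (180, 280)]


def parse_nofile_limit(limits_text):
    """Soft 'Max open files' limit from /proc/<pid>/limits text; None if unlimited."""
    m = re.search(r"^Max open files\s+(\d+|unlimited)\s", limits_text, re.M)
    if not m:
        raise ValueError("no 'Max open files' row found")
    return None if m.group(1) == "unlimited" else int(m.group(1))


def count_fds(pid):
    """Descriptors open right now in a live process (same user or root needed)."""
    return len(os.listdir(f"/proc/{pid}/fd"))


def leak_forecast(samples, limit):
    """Least-squares growth rate in fds/second over samples (oldest first) and
    seconds until the limit is hit; the second value is None when the count is
    flat or falling, or when there is no limit."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_t = sum(t for t, _ in samples) / n
    mean_c = sum(c for _, c in samples) / n
    var_t = sum((t - mean_t) ** 2 for t, _ in samples)
    if var_t == 0:
        raise ValueError("samples must cover two or more distinct times")
    slope = sum((t - mean_t) * (c - mean_c) for t, c in samples) / var_t
    if slope <= 0 or limit is None:
        return slope, None
    return slope, (limit - samples[-1][1]) / slope


if __name__ == "__main__":
    limit = parse_nofile_limit(SAMPLE_LIMITS)
    rate, eta = leak_forecast(SAMPLE_COUNTS, limit)
    print(f"limit={limit} rate={rate:.2f} fd/s exhaustion_in={eta:.0f}s")
```

For a live process, feed `parse_nofile_limit` the contents of `/proc/<pid>/limits` and collect `(time, count_fds(pid))` pairs on a schedule; a healthy server's count rises and falls with load, while a leak shows a persistently positive rate.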

Remediation

Upgrade kibana to version 5.2.1 or higher.

Credit: Unknown
CVE: CVE-2017-8452
Snyk ID: npm:kibana:20170214
Disclosed: 14 Feb, 2017
Published: 04 Jan, 2018