{"id":"CVE-2022-38778","details":"A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.","modified":"2026-04-12T05:05:52.487676Z","published":"2023-02-08T21:15:10.583Z","references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"ee89fda8a17eff9c93f7400c102edf76cb4d7d8a"},{"fixed":"00b0b0440dbf6f8c542448473e020c99d352a0f5"},{"introduced":"57ca5e139a33dd2eed927ce98d8231a1f217cd15"},{"fixed":"4c2492450a50cd000fcd85edf668b75828686196"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"7.0.0"},{"fixed":"7.17.9"},{"introduced":"8.0.0"},{"fixed":"8.6.1"}],"cpe":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38778.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/samverschueren/decode-uri-component","events":[{"introduced":"0"},{"fixed":"3c8a373dd4837e89b3f970e01295dd03e1405a33"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.2.1"}],"cpe":"cpe:2.3:a:decode-uri-component_project:decode-uri-component:*:*:*:*:*:node.js:*:*"}}],"versions":["v0.1.0","v0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38778.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}