kibana is vulnerable to prototype pollution. The vulnerability exists due to an improper use of Object.keys, allowing an authenticated user with Kibana index writing privilege to overwrite Object.prototype and execute malicious code with the permissions of the Kibana process on the host.