From 5f82ed1dd79543ec46e05ca4a26112b98d9f2bcb Mon Sep 17 00:00:00 2001
From: restrry <restrry@gmail.com>
Date: Fri, 20 Aug 2021 14:35:24 +0300
Subject: [PATCH] do not make an assumption on user-supplied data content

---
 src/core/server/elasticsearch/client/client_config.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/core/server/elasticsearch/client/client_config.ts b/src/core/server/elasticsearch/client/client_config.ts
index bbbb1ac247b3b..efb7e383f6571 100644
--- a/src/core/server/elasticsearch/client/client_config.ts
+++ b/src/core/server/elasticsearch/client/client_config.ts
@@ -55,6 +55,9 @@ export function parseClientOptions(
       ...DEFAULT_HEADERS,
       ...config.customHeaders,
     },
+    // do not make assumption on user-supplied data content
+    // fixes https://github.com/elastic/kibana/issues/101944
+    disablePrototypePoisoningProtection: true,
   };
 
   if (config.pingTimeout != null) {