Apache Linkis 安全漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

MAL-2025-43 Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

grafana-pcp security update

5.1.1-9 - Resolves: RHEL-57932 5.1.1-8 - Add a premade uwsgi dashboard for the vector datasource...

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

PT-2024-34622 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery SSRF via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...

CVE-2024-51408

AppSmith Community before version 1.46 is vulnerable to SSRF via the New DataSource feature when making application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. This can allow an attacker to trigger internal requests and access sensitive AWS metadata information. Root ca...

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

afs2-datasource (>=3.8.0.0 <=3.8.2), afw (>=0.0.6 <=0.0.21) +281 more potentially affected by CVE-2024-21272 via mysql-connector-python (>=8.0.21 <=9.0.0)

mysql-connector-python PYPI version =8.0.21, =3.8.0.0, =0.0.6, =1.4.20, =0.0.1, =0.1.1, =0.3.0, =0.0.1, =1.0.0b1, =0.10.0, =2021.2.5, =1.0.1, =1.0.12, =1.1.15, =1.2.24 and more Source cves: CVE-2024-21272 Source advisory: OSV:GHSA-HGJP-83M4-H4FJ...

CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

DataEase's H2 datasource has a remote command execution risk

Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...

GHSA-H7MJ-M72H-QM8W DataEase's H2 datasource has a remote command execution risk

Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...

CVE-2024-46997 DataEase's H2 datasource has a remote command execution risk

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1...

UBUNTU-CVE-2024-6322

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...

Oracle Linux 8 : grafana (ELSA-2024-5291)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5291 advisory. 9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435 Tenable has extracted the preceding description block directly from the...

grafana security update

9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435...

Apache Linkis code issue vulnerability (CNVD-2024-33595)

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.6.0 before the version of the code problem vulnerability , the vulnerability stems from the lack ...

JNDI Injection

org.apache.linkis: linkis-common is vulnerable to JNDI Injection. The vulnerability is due to insufficient filtering of db2 parameters, allowing an attacker with access to an authorized Linkis account to configure malicious parameters in the DataSource Manager Module which results in JNDI Injecti...