9 matches found
EUVD-2024-1036
Malicious code in bioql PyPI...
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the usage of un-sanitized string values into metric names or labels. An attacker could exploit this by sending a ?lang query paramet...
CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
CVE-2024-28867
Summary (CVE-2024-28867): Swift Prometheus contains a vulnerability where unsanitized string values used in metric names or labels can be crafted via a ?lang query parameter to inject special characters, potentially leading to unbounded metric growth and memory usage. The issue is described acros...
CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
PT-2024-22616 · Unknown · Swift Prometheus
Name of the Vulnerable Software and Affected Versions: Swift Prometheus versions prior to 2.0.0-alpha.2
Description: The issue arises when un-sanitized string values are applied into metric names or labels, allowing an attacker to send a ?lang query parameter with newlines, or similar characters...