Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1036

Malicious code in bioql PyPI...

5.9CVSS6.3AI score0.00645EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:46 a.m.9 views

CVE-2024-28867

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

5.9CVSS6.6AI score0.00645EPSS
Exploits1References1
NVD
NVD
added 2024/03/29 3:15 p.m.32 views

CVE-2024-28867

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

7.4CVSS5.7AI score0.00645EPSS
Exploits1References2
Snyk
Snyk
added 2024/03/29 2:41 p.m.1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the usage of un-sanitized string values into metric names or labels. An attacker could exploit this by sending a ?lang query paramet...

7.4CVSS6.7AI score0.00645EPSS
Exploits1References2
OSV
OSV
added 2024/03/29 2:26 p.m.38 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

5.9CVSS6.6AI score0.00645EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/03/29 2:26 p.m.20 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

5.9CVSS6.6AI score0.00645EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/29 2:26 p.m.35 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

5.9CVSS5.8AI score0.00645EPSS
Exploits1References2
CVE
CVE
added 2024/03/29 2:26 p.m.91 views

CVE-2024-28867

Summary (CVE-2024-28867): Swift Prometheus contains a vulnerability where unsanitized string values used in metric names or labels can be crafted via a ?lang query parameter to inject special characters, potentially leading to unbounded metric growth and memory usage. The issue is described acros...

7.4CVSS5.6AI score0.00645EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.12 views

PT-2024-22616 · Unknown · Swift Prometheus

Name of the Vulnerable Software and Affected Versions: Swift Prometheus versions prior to 2.0.0-alpha.2 Description: The issue arises when un-sanitized string values are applied into metric names or labels, allowing an attacker to send a ?lang query parameter with newlines, or similar characters...

5.9CVSS6.8AI score0.00645EPSS
Exploits1References8
Rows per page
Query Builder