461 matches found

OSSF Malicious Packages
added 2025/01/29 10:46 a.m. · 3 views

Malicious code in digitalexp-datasource-definitions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36663c1c097e4ad0179af75313622f87a6e8b4c1ccd10cf2d93e5a505e4c2985 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2025/01/20 7:34 a.m. · 4 views

Malicious code in emoji-datasource-google-blob (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3653a56d9d36fb380b98090ef118578ceed822d7bb1ab1a62d6a18fba5ed5b2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3

OSV
added 2025/01/14 6:31 p.m. · 7 views

GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

5.9 CVSS · 5.6 AI score · 0.00318 EPSS
Exploits 0 · References 4

Cvelist
added 2025/01/14 4:13 p.m. · 12 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

0.00318 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/01/14 4:13 p.m. · 14 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

6.7 AI score · 0.00318 EPSS
Exploits 0 · References 1

CVE
added 2025/01/14 4:13 p.m. · 72 views

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

5.9 CVSS · 6.3 AI score · 0.00318 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2025/01/14 12:00 a.m. · 2 views

Apache Linkis Security Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

5.9 CVSS · 6.7 AI score · 0.00318 EPSS
Exploits 0 · References 3

OSSF Malicious Packages
added 2025/01/02 2:17 a.m. · 3 views

Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

7 AI score
Exploits 0 · References 3

OSV
added 2025/01/02 2:17 a.m. · 3 views

MAL-2025-43 Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

7 AI score
Exploits 0 · References 3

Oracle Linux
added 2024/11/20 12:00 a.m. · 24 views

grafana-pcp security update

5.1.1-9 - Resolves: RHEL-57932 5.1.1-8 - Add a premade uwsgi dashboard for the vector datasource...

7.5 CVSS · 8.5 AI score · 0.01127 EPSS
Exploits 0

NVD
added 2024/11/04 2:15 p.m. · 17 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5 CVSS · 0.00472 EPSS
Exploits 1 · References 3

Cvelist
added 2024/11/04 12:00 a.m. · 17 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5 CVSS · 0.00472 EPSS
Exploits 1 · References 3

CVE
added 2024/11/04 12:00 a.m. · 65 views

CVE-2024-51408

AppSmith Community before version 1.46 is vulnerable to SSRF via the New DataSource feature when making application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. This can allow an attacker to trigger internal requests and access sensitive AWS metadata information. Root ca...

8.5 CVSS · 7.2 AI score · 0.00472 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2024/11/04 12:00 a.m. · 4 views

PT-2024-34622 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery SSRF via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...

8.5 CVSS · 6.9 AI score · 0.00472 EPSS
Exploits 1 · References 13

OSV
added 2024/10/24 7:10 a.m. · 128 views

BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

5.3 CVSS · 5 AI score · 0.00509 EPSS
Exploits 0 · References 3

vulnersOsv
added 2024/10/15 9:30 p.m. · 8 views

afs2-datasource (>=3.8.0.0 <=3.8.2), afw (>=0.0.6 <=0.0.21) +281 more potentially affected by CVE-2024-21272 via mysql-connector-python (>=8.0.21 <=9.0.0)

mysql-connector-python PYPI version =8.0.21, =3.8.0.0, =0.0.6, =1.4.20, =0.0.1, =0.1.1, =0.3.0, =0.0.1, =1.0.0b1, =0.10.0, =2021.2.5, =1.0.1, =1.0.12, =1.1.15, =1.2.24 and more Source cves: CVE-2024-21272 Source advisory: OSV:GHSA-HGJP-83M4-H4FJ...

7.5 CVSS · 7.2 AI score · 0.00517 EPSS
Exploits 0

Vulnrichment
added 2024/09/26 6:46 p.m. · 16 views

CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1 CVSS · 7.1 AI score · 0.00583 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/26 6:46 p.m. · 26 views

CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1 CVSS · 0.00583 EPSS
Exploits 0 · References 1

GitHub Security Blog
added 2024/09/23 8:27 p.m. · 25 views

DataEase's H2 datasource has a remote command execution risk

Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...

9.8 CVSS · 7 AI score · 0.01451 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/09/23 8:27 p.m. · 15 views

GHSA-H7MJ-M72H-QM8W DataEase's H2 datasource has a remote command execution risk

Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...

9.8 CVSS · 9.6 AI score · 0.01451 EPSS
Exploits 1 · References 3