4 matches found
Improper Input Validation
github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...
GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource
Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...
Grafana Infinity Datasource Plugin SSRF Vulnerability
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...