10 matches found
GHSA-CX2V-JRJC-G54W OpenTSDB vulnerable to OS Command Injection
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
GHSA-HV53-Q76C-7F8C OS Command Injection in OpenTSDB
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
OpenTSDB Command Injection Vulnerability
OpenTSDB is a distributed, scalable time series database (TSDB) based on HBase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
Remote code execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...
OpenTSDB OS Command Injection Vulnerability
OpenTSDB is a distributed, scalable time series database (TSDB) based on HBase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...
PT-2020-6865 · Opentsdb · Opentsdb
Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.1 Description: A remote code execution issue occurs due to command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory, which is then executed via the...
OpenTSDB Remote Command Execution Vulnerability
OpenTSDB is an open source, scalable, distributed time series database. A remote command execution vulnerability exists in OpenTSDB version 2.3.0. An attacker can exploit this vulnerability by sending multiple parameters (e.g., o, key, style, yrange, or y2range) to the /q URI to execute comman...