grafana-prometheus vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the grafana-prometheus package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Use of Uninitialized Variable

*
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Insufficient Compartmentalization

*
  • M
Insufficiently Protected Credentials

*
  • M
Missing Required Cryptographic Step

*
  • M
Missing Required Cryptographic Step

*
  • M
Missing Required Cryptographic Step

*
  • M
Improper Input Validation

*
  • M
Authentication Bypass

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Misinterpretation of Input

*
  • M
Improper Input Validation

*
  • M
Arbitrary Code Injection

*
  • M
Improper Input Validation

*
  • M
Information Exposure

*
  • H
Resource Exhaustion

*
  • M
Information Exposure

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
CVE-2023-39321

*
  • M
Cross-site Scripting (XSS)

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Cross-site Scripting (XSS)

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • H
Inefficient Regular Expression Complexity

*
  • M
Resource Exhaustion

*
  • M
Information Exposure

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Arbitrary Code Injection

*
  • M
Resource Exhaustion

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
External Control of Assumed-Immutable Web Parameter

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • M
Information Exposure

*
  • M
Inefficient Regular Expression Complexity

*
  • M
CVE-2022-39201

*
  • M
Insufficiently Protected Credentials

*
  • M
Improper Verification of Cryptographic Signature

*
  • M
Authentication Bypass

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Inefficient Regular Expression Complexity

*
  • L
Resource Exhaustion

*
  • L
Directory Traversal

*
  • M
Open Redirect

*
  • L
Insufficient Entropy

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Arbitrary Argument Injection

<0:6.7.4-3.el8
  • M
Cross-site Scripting (XSS)

<0:6.7.4-3.el8
  • M
Cross-site Scripting (XSS)

<0:6.7.4-3.el8
  • M
Incorrect Permission Assignment for Critical Resource

<0:6.7.4-3.el8
  • M
Cross-site Scripting (XSS)

<0:6.7.4-3.el8
  • M
Cross-site Scripting (XSS)

<0:6.7.4-3.el8
  • M
Incorrect Permission Assignment for Critical Resource

<0:6.7.4-3.el8
  • M
Cross-site Scripting (XSS)

<0:6.7.4-3.el8
  • H
Server-Side Request Forgery (SSRF)

<0:6.3.6-2.el8_2
  • M
Improper Access Control

<0:6.3.6-1.el8
  • M
Improper Certificate Validation

*