net.opentsdb:opentsdb@2.3.0 vulnerabilities
- latest version: 2.4.1
- first published: 9 years ago
- latest version published: 3 years ago
- licenses detected
  - [2.1.3,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the net.opentsdb:opentsdb package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Arbitrary Code Execution by writing user-controlled input to the How to fix Arbitrary Code Execution? A fix was pushed into the | [0,) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. Note: This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint. How to fix Cross-site Scripting (XSS)? A fix was pushed into the | [0,) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Command Injection due to insufficient validation of parameters passed to the legacy HTTP query API. Note: This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. How to fix Command Injection? A fix was pushed into the | [0,) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Arbitrary Code Execution. It is possible to bypass the command injection sanitization within PoC When passing the payload via one of the parameters it is written to a How to fix Arbitrary Code Execution? Upgrade | [0,2.4.1) |
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could execute commands by using parameters in the How to fix Arbitrary Command Execution? Upgrade | [,2.3.1) |