net.opentsdb:opentsdb@2.4.1 vulnerabilities
-
latest version
2.4.1
-
first published
9 years ago
-
latest version published
3 years ago
-
licenses detected
- [2.1.3,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the net.opentsdb:opentsdb package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Arbitrary Code Execution by writing user-controlled input to the How to fix Arbitrary Code Execution? A fix was pushed into the |
[0,)
|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. Note: This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint. How to fix Cross-site Scripting (XSS)? A fix was pushed into the |
[0,)
|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Command Injection due to insufficient validation of parameters passed to the legacy HTTP query API. Note: This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. How to fix Command Injection? A fix was pushed into the |
[0,)
|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
net.opentsdb:opentsdb is a scalable, distributed Time Series Database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|