SUSE-RU-2024:0511-1

Published: 15 Feb 2024
Source: suse-cvrf

Description

Recommended update for grafana

This update for grafana fixes the following issues:

  • Fixed changelog entries for the Bugzilla trackers related to previously implemented security fixes (no source code changes)

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP5
grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5
grafana-9.5.8-150200.3.53.2

Description

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2

References

Description

ansi-regex is vulnerable to Inefficient Regular Expression Complexity.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2

References

Description

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2

References

Description

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2

References

Description

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2
openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2

References