FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0b85b1cd-e468-11ed-834b-6c3be5272acdGrafana -- Critical vulnerability in golang

Grafana Labs reports:

An issue in how go handles backticks (`) with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time.

The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).


Discovery 2023-04-19
Entry 2023-04-26
grafana
< 8.5.24

ge 9.0.0 lt 9.2.17

ge 9.3.0 lt 9.3.13

ge 9.4.0 lt 9.4.9

grafana8
< 8.5.24

grafana9
< 9.2.17

ge 9.3.0 lt 9.3.13

ge 9.4.0 lt 9.4.9

CVE-2023-24538
https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/