CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of…

mitre·CWE-113·Published 2019-06-18

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

177 chars

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

NVDen

177 chars

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

NVDes

215 chars

Un problema fue descubierto en Netdata 1.10.0. La Inyección de encabezado HTTP existe a través del parámetro api / v1 / nombre de archivo de datos debido a web_client_api_request_v1_data en web / api / web_api_v1.c.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.0	Primary	NVD	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N