High severity7.5NVD Advisory· Published Jun 18, 2019· Updated Jun 17, 2026
CVE-2018-18838
CVE-2018-18838
Description
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Netdata/Netdatadescription
- osv-coords5 versionspkg:rpm/opensuse/netdata&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netdata&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netdata&distro=openSUSE%20Tumbleweedpkg:rpm/suse/netdata&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/netdata&distro=SUSE%20Package%20Hub%2015%20SP3
< 1.29.3-lp152.4.3.1+ 4 more
- (no CPE)range: < 1.29.3-lp152.4.3.1
- (no CPE)range: < 1.31.0-bp153.2.3.1
- (no CPE)range: < 1.31.0-1.3
- (no CPE)range: < 1.29.3-bp152.4.3.1
- (no CPE)range: < 1.31.0-bp153.2.3.1
Patches
Vulnerability mechanics
References
3- github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97canvdPatchThird Party Advisory
- www.red4sec.com/cve/netdata_log_injection.txtnvdExploitThird Party Advisory
- github.com/netdata/netdata/pull/4521nvdThird Party Advisory
News mentions
0No linked articles in our index yet.