VYPR

Bitnami package

redash

pkg:bitnami/redash

Vulnerabilities (2)

  • CVE-2020-36144MedMar 18, 2021
    affected >= 8.0.0, <= 8.0.0

    Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

  • CVE-2020-12725HigJun 11, 2020
    affected < 8.0.0fixed 8.0.0

    Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP reque