Go modules package
github.com/influxdata/influxdb
pkg:golang/github.com/influxdata/influxdb
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20933 | — | < 1.7.6 | 1.7.6 | Nov 19, 2020 | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | ||
| CVE-2018-17572 | — | < 0.9.6 | 0.9.6 | Mar 2, 2020 | InfluxDB 0.9.5 has Reflected XSS in the Write Data module. |
- CVE-2019-20933Nov 19, 2020affected < 1.7.6fixed 1.7.6
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
- CVE-2018-17572Mar 2, 2020affected < 0.9.6fixed 0.9.6
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.