rpm package
suse/golang-github-prometheus-prometheus&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21698 | — | | | < 2.32.1-150100.4.9.2 | 2.32.1-150100.4.9.2 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde |
| CVE-2021-29622 | — | | | < 2.27.1-3.8.1 | 2.27.1-3.8.1 | May 19, 2021 | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL |
| CVE-2019-10215 | — | | | < 2.18.0-3.3.1 | 2.18.0-3.3.1 | Oct 8, 2019 | Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. |