net.opentsdb:opentsdb (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package net.opentsdb:opentsdb, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-35476 — CVSS 9.8 (critical): A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is…
CVE-2018-12972 — CVSS 9.8 (critical): An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and…
CVE-2023-25826 — CVSS 9.8 (critical): Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into…
CVE-2023-36812 — CVSS 9.8 (critical): OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability…
CVE-2023-25827 — CVSS 8.2 (high): Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is…