Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Proxy Module 4.3 package golang-github-lusitaniae-apache_exporter, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2021-3918 — CVSS 9.8 (critical): json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-43138 — CVSS 7.8 (high): In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js…
CVE-2022-41723 — CVSS 7.5 (high): A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2022-32149 — CVSS 7.5 (high): An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to…
CVE-2020-7753 — CVSS 7.5 (high): All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVE-2022-31097 — CVSS 7.3 (high): Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and…
CVE-2022-31107 — CVSS 7.1 (high): Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2022-46146 — CVSS 6.2 (medium): Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a…
CVE-2023-3978 — CVSS 6.1 (medium): Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to…
CVE-2023-29409 — CVSS 5.3 (medium): Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the…
CVE-2021-43815 — CVSS 4.3 (medium): Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal…