influxdb (SUSE:OpenStack Cloud 9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 9 package influxdb, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2019-20933 — CVSS 9.8 (critical): InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT…
CVE-2019-8341 — CVSS 9.8 (critical): An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the…
CVE-2020-5390 — CVSS 7.5 (high): PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it…
CVE-2020-26298 — CVSS 6.8 (medium): Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can…
CVE-2020-26137 — CVSS 6.5 (medium): urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF…
CVE-2021-22141 — CVSS 6.1 (medium): An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could…
CVE-2021-21419 — CVSS 5.3 (medium): Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large…
CVE-2021-41136 — CVSS 3.7 (low): Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP…