CVE-2024-28867

CVSS V2 None CVSS V3 None
Description
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. This vulnerability is fixed in2.0.0-alpha.2.
Overview
  • CVE ID
  • CVE-2024-28867
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-03-29T14:26:22.194Z
  • Last Modified Date
  • 2024-06-04T18:03:18.312Z
History
Created Old Value New Value Data Type Notes
2024-06-26 07:48:19 Added to TrackCVE