-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper input sanitization when building the MySQL connection string. The pre-patch code in newMysqlQueryEndpoint directly interpolated user-controlled parameters (including credentials and URL) into the connection string without escaping special characters. This allowed authenticated attackers to inject path traversal sequences (via URL parameter) to read arbitrary files. The fix introduced characterEscape() to properly sanitize these inputs, confirming the vulnerability existed in the original string construction logic.
GoGo| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grafana/grafana | go | < 6.4.4 | 6.4.4 |
Ongoing coverage of React2Shell