The vulnerability stemmed from unvalidated and unescaped user input in query alias fields being processed by AngularJS templates. The `bs-typeahead` directive's handling of its options array allowed JavaScript execution. The patch (#25401) specifically added validation to these alias fields and escaping during rendering. The CHANGELOG and commit messages confirm that these were the vulnerable areas.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grafana/grafana | go | < 7.1.0-beta1 | 7.1.0-beta1 |
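
The fix pattern described above (validate alias fields on input, escape them when rendering typeahead options) looks like this in outline. This is an added example, not Grafana's code or the contents of #25401; every function name, the alias policy and the sample aliases are assumptions made for illustration.

```javascript
// Added illustration, not Grafana's code. All names here are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that let a string break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed input policy: 1-128 characters, no angle brackets, quotes, backticks
// or control characters. Curly braces stay allowed (assumption).
const ALIAS_PATTERN = /^[^<>"'`\u0000-\u001f]{1,128}$/;

function isValidAlias(alias) {
  return typeof alias === 'string' && ALIAS_PATTERN.test(alias);
}

// "Before": alias text is concatenated into option markup unchanged.
function renderOptionUnsafe(alias) {
  return '<li class="typeahead-option">' + alias + '</li>';
}

// "After": escape at render time, whether or not validation ran earlier.
function renderOptionSafe(alias) {
  return '<li class="typeahead-option">' + escapeHtml(alias) + '</li>';
}

// Validate on input, escape on output: invalid aliases are reported, not rendered.
function buildOptions(aliases) {
  const rendered = [];
  const rejected = [];
  for (const alias of aliases) {
    if (isValidAlias(alias)) rendered.push(renderOptionSafe(alias));
    else rejected.push(alias);
  }
  return { rendered, rejected };
}

// Constructed sample input: a plain alias, one with braces and "&", one carrying markup.
const sampleAliases = ['cpu usage', 'host {{hostname}} & load', '<b>bold</b> alias'];
const result = buildOptions(sampleAliases);
console.log(result.rendered.join('\n'));
console.log('rejected:', JSON.stringify(result.rejected));
```

Escaping at render time is kept independent of validation so that an alias stored before the input check existed is still rendered as text.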