-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grafana/grafana | go | >= 0.0.1-test, < 11.6.2 | 11.6.2 |
| github.com/grafana/grafana | go | < 0.0.0-20250521211231-e0ba4b480954 | 0.0.0-20250521211231-e0ba4b480954 |
Miggo AIRoot Cause AnalysisThe analysis is based on the provided vulnerability description (CVE-2025-1088) and the commit e0ba4b480954f8a33aa2cff3229f6bcc05777bd9, which is associated with the patched version fixing this CVE. The CVE states that excessively long dashboard or panel titles in Grafana cause Chromium browsers to become unresponsive due to improper input validation.
The commit e0ba4b480954 modifies the staticHandler function within pkg/api/static/static.go. The package is inferred to be httpstatic based on the package declaration in the corresponding test file (pkg/api/static/static_test.go). The modification involves adding path.Clean() when constructing redirect URLs for directory requests (i.e., when fi.IsDir() is true and the path doesn't end with a slash).
The root cause of the vulnerability is inferred to be that these excessively long dashboard/panel titles could, through some mechanism within Grafana, become part of a URL's path component (ctx.Req.URL.Path) that is subsequently processed by the staticHandler. In its vulnerable (pre-patch) state, staticHandler would attempt to create a redirect URL based on this potentially very long and un-sanitized path. This could result in a malformed or excessively long redirect URL. When a Chromium browser received and attempted to process such a redirect, it would lead to unresponsiveness.
The httpstatic.staticHandler function is identified as the vulnerable function (in its pre-patch state) because it contained the flawed logic for handling these URL paths during redirection. The introduction of path.Clean() in the patch ensures that the path is normalized and sanitized before being used to construct the redirect URL, thus mitigating the issue. The confidence level is 'medium' because the exact mechanism by which a dashboard/panel title influences the specific URL path handled by staticHandler is not explicitly detailed in the commit information but is a necessary inference to connect the CVE description (long titles causing issues) to the specific code change in the static file handler.
GoGoOngoing coverage of React2Shell