
Leixiao

Researcher from Syclover Security Team
#31117 of 53,630
8.3 Total CVSS
Vulnerabilities · 1
PT-2023-8915
8.3
2023-10-17
Grafana · Grafana · CVE-2023-4399
**Name of the Vulnerable Software and Affected Versions**

Grafana (affected versions not specified)

**Description**

The issue is a bypass of the deny list in Grafana, an open-source platform for monitoring and observability. The bypass is achieved by punycode-encoding characters in the request address, which allows a remote attacker to circumvent existing access restrictions. The vulnerability affects the Request security feature in Grafana Enterprise, which is designed to prevent the instance from calling specific hosts.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.