CVE-2018-18836

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Netdata version 1.10.0

Description An issue exists in the software due to JSON injection via the "api/v1/data" endpoint, specifically through the tqx parameter. This is caused by the web client api request v1 data function in web/api/web api v1.c.

Recommendations For Netdata version 1.10.0, consider restricting access to the "api/v1/data" endpoint to minimize the risk of exploitation, and avoid using the tqx parameter until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

ALT-PU-2019-1379

CVE-2018-18836

OPENSUSE-SU-2021:0647-1

OPENSUSE-SU-2021:0730-1

OPENSUSE-SU-2021:1603-1

OPENSUSE-SU-2021_0647-1

OPENSUSE-SU-2024:11083-1

USN-7250-1

Affected Products

Alt Linux

Linuxmint

Netdata

Suse

Ubuntu

CVE-2018-18836

Weakness Enumeration

Related Identifiers

Affected Products

References · 34