PT-2019-9645 · Netdata+4

Published: 2019-03-09 · Updated: 2025-02-03 · CVE-2018-18837

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Netdata version 1.10.0

Description

An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web_client_api_request_v1_data function in web/api/web_api_v1.c.

Recommendations

For Netdata version 1.10.0, consider restricting access to the "api/v1/data" endpoint until a fix is available. As a temporary workaround, avoid using the filename parameter in this endpoint to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2019-1379
CVE-2018-18837
OPENSUSE-SU-2021:0647-1
OPENSUSE-SU-2021:0730-1
OPENSUSE-SU-2021:1603-1
OPENSUSE-SU-2021_0647-1
OPENSUSE-SU-2024:11083-1
USN-7250-1

Affected Products

Alt Linux
Linuxmint
Netdata
Suse
Ubuntu