RHSA-2020:2796HighCVSS 8.2

Red Hat Security Advisory: Red Hat OpenShift Service Mesh servicemesh-grafana security update

Published
July 1, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2019-11253 — kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service CVE-2019-16769 — npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions CVE-2020-7660 — npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js CVE-2020-7662 — npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser CVE-2020-12052 — grafana: XSS annotation popup vulnerability CVE-2020-12245 — grafana: XSS via column.title or cellLinkTooltip CVE-2020-13379 — grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL CVE-2020-13430 — grafana: XSS via the OpenTSDB datasource

🔗 References (11)