Description
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can be used to execute commands, including o, key, style, yrange, and y2range, and their JSON input.
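A log check for the parameters named above, as an added example (not from the advisory or the OpenTSDB project). It flags /q requests whose o, key, style, yrange or y2range values fall outside a conservative allowlist. The allowlist pattern, the access-log format and the sample lines are assumptions constructed for illustration, and only query-string input is covered, not JSON input.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as able to execute commands via /q.
RISKY_PARAMS = {"o", "key", "style", "yrange", "y2range"}

# Assumption: a conservative allowlist (words, digits, spaces, range
# punctuation). Tune it to the graph options your dashboards really use.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.:,\[\]-]*")

# Assumption: combined-log-style lines; only the quoted request is parsed.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted (param, decoded value) pairs on a /q request that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path != "/q":
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded characters cannot hide from the check.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in RISKY_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return sorted(hits)

def scan(lines):
    """Return (line_number, hits) for every line with at least one hit."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample lines (not real traffic); the flagged value is an inert placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=%5B0:100%5D&key=out+right+top&style=linespoint HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=%5B0:%3Cconstructed%3E%5D HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /api/version HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review {hits}")
```

The same allowlist can be enforced at a reverse proxy in front of the /q endpoint so that non-matching requests are rejected rather than only logged.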
Remediation
References
https://github.com/OpenTSDB/opentsdb/issues/1239