How severe is CVE-2024-28867?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-28867?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-28867 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. This vulnerability is fixed in2.0.0-alpha.2.

Related Vulnerabilities

CVE-2017-10963

MEDIUM

CVSS:5.9(Medium)

In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container ...

CWE-742017

CVE-2018-4153

MEDIUM

CVSS:5.9(Medium)

An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.

CWE-742018

CVE-2019-25031

MEDIUM

CVSS:5.9(Medium)

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this...

CWE-742019

CVE-2020-14928

MEDIUM

CVSS:5.9(Medium)

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS co...

CWE-742020

CVE-2020-14954

MEDIUM

CVSS:5.9(Medium)

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., ...

CWE-742020

CVE-2021-29795

MEDIUM

CVSS:6.0(Medium)

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: ...

CWE-742021