INFSA-2025:0401: grafana security update
Information about definition
Identifier: INFSA-2025:0401
Type: security
Release date: 2025-03-05 16:58:36 UTC
Information about package
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Vulnerabilities description
- CVE-2025-21613
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.
- CVE-2025-21614
A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-21613 | no information | 8.1 | no information |
NIST — CVE-2025-21614 | no information | 7.5 | no information |
Updated packages