[ { "advisoryKey": "kev/cve-2021-43798", "affectedPackages": [ { "type": "vendor", "identifier": "Grafana Labs::Grafana", "platform": null, "versionRanges": [ { "fixedVersion": null, "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": null, "vendorExtensions": { "kev.vendorProject": "Grafana Labs", "kev.product": "Grafana", "kev.requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "kev.knownRansomwareCampaignUse": "Unknown", "kev.notes": "https://grafana.com/security/advisory; https://nvd.nist.gov/vuln/detail/CVE-2021-43798", "kev.catalogVersion": "2025.10.09", "kev.catalogReleased": "2025-10-09T16:52:28.6547000+00:00", "kev.dateAdded": "2025-10-09", "kev.dueDate": "2025-10-30", "kev.cwe": "CWE-22" } }, "provenance": { "source": "kev", "kind": "kev-range", "value": "Grafana Labs::Grafana", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "rangeExpression": null, "rangeKind": "vendor" } ], "normalizedVersions": [ { "scheme": "kev.catalog", "type": "exact", "min": null, "minInclusive": null, "max": null, "maxInclusive": null, "value": "2025.10.09", "notes": "Grafana Labs::Grafana" }, { "scheme": "kev.date-added", "type": "exact", "min": null, "minInclusive": null, "max": null, "maxInclusive": null, "value": "2025-10-09", "notes": "Grafana Labs::Grafana" }, { "scheme": "kev.due-date", "type": "lte", "min": null, "minInclusive": null, "max": "2025-10-30", "maxInclusive": true, "value": null, "notes": "Grafana Labs::Grafana" } ], "statuses": [], "provenance": [ { "source": "kev", "kind": "mapping", "value": "2025.10.09", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] } ] } ], "aliases": [ "CVE-2021-43798" ], "credits": [], "cvssMetrics": [], "exploitKnown": true, "language": "en", "modified": "2025-10-09T16:52:28.6547+00:00", "provenance": [ { "source": "kev", "kind": "document", "value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", "decisionReason": null, "recordedAt": "2025-10-10T00:00:00+00:00", "fieldMask": [] }, { "source": "kev", "kind": "mapping", "value": "2025.10.09", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] } ], "published": "2025-10-09T00:00:00+00:00", "references": [ { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2021-43798", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "kev.notes", "summary": null, "url": "https://grafana.com/security/advisory" }, { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2021-43798", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "kev.notes", "summary": null, "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43798" }, { "kind": "advisory", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2021-43798", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "cisa-kev", "summary": null, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2021-43798" }, { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2021-43798", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "cisa-kev-feed", "summary": null, "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" } ], "severity": null, "summary": "Grafana contains a path traversal vulnerability that could allow access to local files.", "title": "Grafana Path Traversal Vulnerability" }, { "advisoryKey": "kev/cve-2024-12345", "affectedPackages": [ { "type": "vendor", "identifier": "Acme Corp::Acme Widget", "platform": null, "versionRanges": [ { "fixedVersion": null, "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": null, "vendorExtensions": { "kev.vendorProject": "Acme Corp", "kev.product": "Acme Widget", "kev.requiredAction": "Apply vendor patch KB-1234.", "kev.knownRansomwareCampaignUse": "Confirmed", "kev.notes": "https://acme.example/advisories/KB-1234 https://nvd.nist.gov/vuln/detail/CVE-2024-12345 additional context ignored", "kev.catalogVersion": "2025.10.09", "kev.catalogReleased": "2025-10-09T16:52:28.6547000+00:00", "kev.dateAdded": "2025-08-01", "kev.cwe": "CWE-120,CWE-787" } }, "provenance": { "source": "kev", "kind": "kev-range", "value": "Acme Corp::Acme Widget", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "rangeExpression": null, "rangeKind": "vendor" } ], "normalizedVersions": [ { "scheme": "kev.catalog", "type": "exact", "min": null, "minInclusive": null, "max": null, "maxInclusive": null, "value": "2025.10.09", "notes": "Acme Corp::Acme Widget" }, { "scheme": "kev.date-added", "type": "exact", "min": null, "minInclusive": null, "max": null, "maxInclusive": null, "value": "2025-08-01", "notes": "Acme Corp::Acme Widget" } ], "statuses": [], "provenance": [ { "source": "kev", "kind": "mapping", "value": "2025.10.09", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] } ] } ], "aliases": [ "CVE-2024-12345" ], "credits": [], "cvssMetrics": [], "exploitKnown": true, "language": "en", "modified": "2025-10-09T16:52:28.6547+00:00", "provenance": [ { "source": "kev", "kind": "document", "value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", "decisionReason": null, "recordedAt": "2025-10-10T00:00:00+00:00", "fieldMask": [] }, { "source": "kev", "kind": "mapping", "value": "2025.10.09", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] } ], "published": "2025-08-01T00:00:00+00:00", "references": [ { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2024-12345", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "kev.notes", "summary": null, "url": "https://acme.example/advisories/KB-1234" }, { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2024-12345", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "kev.notes", "summary": null, "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12345" }, { "kind": "advisory", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2024-12345", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "cisa-kev", "summary": null, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2024-12345" }, { "kind": "reference", "provenance": { "source": "kev", "kind": "reference", "value": "CVE-2024-12345", "decisionReason": null, "recordedAt": "2025-10-10T00:01:00+00:00", "fieldMask": [] }, "sourceTag": "cisa-kev-feed", "summary": null, "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" } ], "severity": null, "summary": "Acme Widget contains a buffer overflow that may allow remote code execution.", "title": "Acme Widget Buffer Overflow" } ]