GHSA-g4rr-88fc-26fj

Source
https://github.com/advisories/GHSA-g4rr-88fc-26fj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-g4rr-88fc-26fj/GHSA-g4rr-88fc-26fj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g4rr-88fc-26fj
Aliases
Published
2025-09-19T12:30:19Z
Modified
2025-09-26T16:22:00Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Grafana-Zabbix ReDoS vulnerability
Details

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a Grafana plugin for visualizing monitoring data from Zabbix and creating dashboards for analyzing metrics and real-time monitoring.

Versions 5.2.1 and below contained a ReDoS vulnerability: a user-supplied regex query could cause CPU usage to max out. This vulnerability is fixed in version 6.0.0.

Database specific
{
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "severity": "MODERATE",
    "github_reviewed_at": "2025-09-19T17:33:25Z",
    "nvd_published_at": "2025-09-19T10:15:34Z"
}
References

Affected packages

Go / github.com/alexanderzobnin/grafana-zabbix

Package

Name
github.com/alexanderzobnin/grafana-zabbix
Purl
pkg:golang/github.com/alexanderzobnin/grafana-zabbix

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.0