An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "netdata", "binary_version": "1.9.0+dfsg-1ubuntu0.1~esm1" }, { "binary_name": "netdata-data", "binary_version": "1.9.0+dfsg-1ubuntu0.1~esm1" }, { "binary_name": "netdata-dbgsym", "binary_version": "1.9.0+dfsg-1ubuntu0.1~esm1" } ] }