ID: CVE-2022-32275

Last Modified: June 9, 2022

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.

                    <?xml version="1.0" ?>
<set operator="and"/>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="program_influence" value="input"/>
</set>