Publish GHSA-q5rg-wg7h-73m5

advisory-database[bot] · advisory-database[bot] · commit 4192977c3e0f · 2026-03-06T15:12:41.000Z
diff --git a/advisories/github-reviewed/2022/05/GHSA-q5rg-wg7h-73m5/GHSA-q5rg-wg7h-73m5.json b/advisories/github-reviewed/2022/05/GHSA-q5rg-wg7h-73m5/GHSA-q5rg-wg7h-73m5.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q5rg-wg7h-73m5",
-  "modified": "2023-07-17T23:09:56Z",
+  "modified": "2026-03-06T15:10:27Z",
   "published": "2022-05-24T16:55:40Z",
   "aliases": [
     "CVE-2019-10665"
   ],
   "summary": "LibreNMS Information Disclosure",
-  "details": "An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (`html/includes/graphs/common.inc.php` and `html/includes/graphs/graphs.inc.php`) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with `mysqli_real_escape_string`, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the `html/graph.php` script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.",
+  "details": "An issue was discovered in LibreNMS through 1.47. The scripts that handle graphing options (`html/includes/graphs/common.inc.php` and `html/includes/graphs/graphs.inc.php`) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with `mysqli_real_escape_string`, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the `html/graph.php` script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -41,12 +41,8 @@
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10665"
     },
     {
-      "type": "WEB",
-      "url": "https://github.com/spaceraccoon/CVE-2020-10665"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.activecyber.us/activelabs/docker-desktop-local-privilege-escalation-cve-2020-10665"
+      "type": "PACKAGE",
+      "url": "https://github.com/librenms/librenms"
     },
     {
       "type": "WEB",
