EPSS
Percentile
50.7%
net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious code to execute on the OpenTSDB host system.
packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
github.com/advisories/GHSA-h475-7v3c-26q7
github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9
github.com/OpenTSDB/opentsdb/pull/2275
www.synopsys.com/blogs/software-security/opentsdb/