{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"7.5.12-3.18.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"grafana","purl":"pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.5.12-3.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grafana fixes the following issues:\n\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454)\n- CVE-2021-43813: Fixed markdown path traversal (bsc#1193688)\n","id":"openSUSE-SU-2022:0140-1","modified":"2022-01-20T12:25:15Z","published":"2022-01-20T12:25:15Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUS4G6GRHNJN7AR53SGJABSHRZM3XMOY/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39226"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43813"}],"related":["CVE-2021-39226","CVE-2021-43813"],"summary":"Security update for grafana","upstream":["CVE-2021-39226","CVE-2021-43813"]}