Grafana 12.3.0 OSS Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:grafana:grafana:12.3.0:*:*:*:-:*:*:*
part: a version: 12.3.0 update: *
| Vendor | Grafana (7564912d-bb81-50cf-9eb9-f573ac2fa519) |
|---|---|
| Product | Grafana (6e4f3e11-70ef-54b3-88d6-f64136c9d5f2) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/grafana/grafana |
purl2cpe | 2026-06-01 10:14:45.499135 |
pkg:github/grafana/grafana |
purl2cpe | 2026-06-01 10:14:45.499137 |
pkg:rpm/fedora/grafana |
purl2cpe | 2026-06-01 10:14:45.499138 |
pkg:rpm/opensuse/grafana |
purl2cpe | 2026-06-01 10:14:45.499139 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-21720 |
vulnerable | 2026-06-03 15:15:51.507873 |
Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
HIGH (7.5)
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.
Published: 2026-01-27T09:07:04.758Z
Updated: 2026-05-13T19:28:36.287Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.