CVE-2024-28867: Swift Prometheus Unsanitized Metric Name

Unsanitized metric names or labels can allow an attacker to inject special characters (e.g., newlines) to hijack the exported Prometheus format, leading to fake metrics, format corruption, or Denial of Service by unbounded metric creation. Always sanitize metric dimensions using standard validation helpers like `ensureValidMetricName()`.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

Swift^β

greprules fetch cve-2024-28867-swift-prometheus-unsanitized-metric-name --engine opengrep

Description

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 73How quality works
Included packs: 1 pack

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0