Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for grafana-image-renderer by Grafana

    CVE-2025-11539 (GCVE-0-2025-11539)

    Vulnerability from nvd – Published: 2025-10-09 07:18 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Arbitrary Code Execution in Grafana Image Renderer Plugin
    Summary
    Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Grafana grafana-image-renderer Affected: 1.0.0 , ≤ 4.0.16 (semver)
    Create a notification for this product.
    Credits
    Callum Carney Wouter ter Maat
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-10T03:55:21.432457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:59.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "grafana-image-renderer",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.16",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Callum Carney"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Wouter ter Maat"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Grafana Image Renderer is vulnerable to remote code execution due to an\u0026nbsp;\u003cspan style=\"background-color: rgb(249, 249, 251);\"\u003earbitrary file write vulnerability\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 249, 251);\"\u003e. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eInstances are vulnerable if:\u003cbr\u003e\u003cbr\u003e1. The default token (\"authToken\") is not changed, or is known to the attacker.\u003cbr\u003e2. The attacker can reach the image renderer endpoint.\u003cbr\u003e\u003cp\u003eThis issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.\u003c/p\u003e"
                }
              ],
              "value": "Grafana Image Renderer is vulnerable to remote code execution due to an\u00a0arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.\n\nInstances are vulnerable if:\n\n1. The default token (\"authToken\") is not changed, or is known to the attacker.\n2. The attacker can reach the image renderer endpoint.\nThis issue affects grafana-image-renderer: from 1.0.0 through 4.0.16."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-10T05:57:46.542Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2025-11539/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/grafana/grafana-image-renderer/releases/tag/v4.0.17"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary Code Execution in Grafana Image Renderer Plugin",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2025-11539",
        "datePublished": "2025-10-09T07:18:15.819Z",
        "dateReserved": "2025-10-09T06:20:49.088Z",
        "dateUpdated": "2026-02-26T17:47:59.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-31176 (GCVE-0-2022-31176)

    Vulnerability from nvd – Published: 2022-09-02 00:00 – Updated: 2025-04-23 17:32
    VLAI
    Title
    Grafana Image Renderer leaking files
    Summary
    Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grafana/grafana-image-renderer/pull/364"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221209-0004/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:01:35.650108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T17:32:35.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grafana-image-renderer",
              "vendor": "grafana",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels \u0026 dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-09T00:00:00.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5"
            },
            {
              "url": "https://github.com/grafana/grafana-image-renderer/pull/364"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221209-0004/"
            }
          ],
          "source": {
            "advisory": "GHSA-2cfh-233g-m4c5",
            "discovery": "UNKNOWN"
          },
          "title": "Grafana Image Renderer leaking files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-31176",
        "datePublished": "2022-09-02T00:00:00.000Z",
        "dateReserved": "2022-05-18T00:00:00.000Z",
        "dateUpdated": "2025-04-23T17:32:35.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11539 (GCVE-0-2025-11539)

    Vulnerability from cvelistv5 – Published: 2025-10-09 07:18 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Arbitrary Code Execution in Grafana Image Renderer Plugin
    Summary
    Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Grafana grafana-image-renderer Affected: 1.0.0 , ≤ 4.0.16 (semver)
    Create a notification for this product.
    Credits
    Callum Carney Wouter ter Maat
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-10T03:55:21.432457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:59.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "grafana-image-renderer",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.16",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Callum Carney"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Wouter ter Maat"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Grafana Image Renderer is vulnerable to remote code execution due to an\u0026nbsp;\u003cspan style=\"background-color: rgb(249, 249, 251);\"\u003earbitrary file write vulnerability\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 249, 251);\"\u003e. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eInstances are vulnerable if:\u003cbr\u003e\u003cbr\u003e1. The default token (\"authToken\") is not changed, or is known to the attacker.\u003cbr\u003e2. The attacker can reach the image renderer endpoint.\u003cbr\u003e\u003cp\u003eThis issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.\u003c/p\u003e"
                }
              ],
              "value": "Grafana Image Renderer is vulnerable to remote code execution due to an\u00a0arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.\n\nInstances are vulnerable if:\n\n1. The default token (\"authToken\") is not changed, or is known to the attacker.\n2. The attacker can reach the image renderer endpoint.\nThis issue affects grafana-image-renderer: from 1.0.0 through 4.0.16."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-10T05:57:46.542Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2025-11539/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/grafana/grafana-image-renderer/releases/tag/v4.0.17"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary Code Execution in Grafana Image Renderer Plugin",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2025-11539",
        "datePublished": "2025-10-09T07:18:15.819Z",
        "dateReserved": "2025-10-09T06:20:49.088Z",
        "dateUpdated": "2026-02-26T17:47:59.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-31176 (GCVE-0-2022-31176)

    Vulnerability from cvelistv5 – Published: 2022-09-02 00:00 – Updated: 2025-04-23 17:32
    VLAI
    Title
    Grafana Image Renderer leaking files
    Summary
    Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grafana/grafana-image-renderer/pull/364"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221209-0004/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:01:35.650108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T17:32:35.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grafana-image-renderer",
              "vendor": "grafana",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels \u0026 dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-09T00:00:00.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5"
            },
            {
              "url": "https://github.com/grafana/grafana-image-renderer/pull/364"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221209-0004/"
            }
          ],
          "source": {
            "advisory": "GHSA-2cfh-233g-m4c5",
            "discovery": "UNKNOWN"
          },
          "title": "Grafana Image Renderer leaking files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-31176",
        "datePublished": "2022-09-02T00:00:00.000Z",
        "dateReserved": "2022-05-18T00:00:00.000Z",
        "dateUpdated": "2025-04-23T17:32:35.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }