Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
Introducing just a double-quote " character in the filters table would cause the table to visualize a 503 error message.
In addition, its possible to inject LogQL commands as well as HTTP query parameters from the Network Traffic table.
As a vulnerability example, try to e.g. select the `Src Pod` label in the table filter and then place one of the following lines in the input text (including the quotes):
"|json|DstAddr=ip("172.0.0.0/8")|~"
"&limit=1000&foo="bar