OpenFeature evaluation API reads input data with no bounds

Description

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Vendor	Product	Versions
grafana	grafana	v12.1.0, v12.2.0, v12.3.0, v12.4.0

Tier C

VulDB6h ago

→ No new info (linked only)

Tier B

CCCS Canada1d ago

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Published3/27/2026

Last enriched5h agov2

0 upvotes0 downvotes

No votes yet

State: unverified

Confidence: 0%

Last enriched 5h ago

v2Tier C5h ago

Updated affected versions to include 12.1.9, 12.2.7, 12.3.5, and 12.4.1, changed severity to MEDIUM, and added patch available version 12.1.9.

affectedVersionsseveritypatchAvailable

via VulDB

v16h ago

Initial creation