OpenFeature evaluation API reads input data with no bounds

Description

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Vendor	Product	Versions
grafana	grafana	v12.1.0, v12.2.0, v12.3.0, v12.4.0

Tier C

VulDB4h ago

→ No new info (linked only)

Tier B

CCCS Canada23h ago

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Published3/27/2026

Last enriched3h agov2

0 upvotes0 downvotes

No votes yet

State: unverified

Confidence: 0%

Last enriched 3h ago

v2Tier C3h ago

Updated affected versions to include 12.1.9, 12.2.7, 12.3.5, and 12.4.1, changed severity to MEDIUM, and added patch available version 12.1.9.

affectedVersionsseveritypatchAvailable

via VulDB

v14h ago

Initial creation