一、漏洞信息
漏洞编号：CVE-2024-28867
漏洞归属组件：prometheus
漏洞归属的版本：2.20.0,2.46.0,2.53.3
CVSS V3.0分值：
BaseScore：5.9 Medium
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
漏洞简述：
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, } or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing bogus metrics. This vulnerability is fixed in2.0.0-alpha.2.
漏洞公开时间：2024-03-29 23:15:11
漏洞创建时间：2024-03-29 15:43:40
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-28867

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：

openEuler评分：
5.9
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
受影响版本排查(受影响/不受影响)：
1.master(2.53.3):
2.openEuler-20.03-LTS-SP1(2.20.0):
3.openEuler-20.03-LTS-SP4(2.20.0):
4.openEuler-22.03-LTS:
5.openEuler-22.03-LTS-Next:
6.openEuler-22.03-LTS-SP1:
7.openEuler-22.03-LTS-SP2:
8.openEuler-22.03-LTS-SP3:
9.openEuler-24.03-LTS(2.46.0):
10.openEuler-22.03-LTS-SP4:
11.openEuler-24.03-LTS-Next(2.46.0):

修复是否涉及abi变化(是/否)：
1.master(2.53.3):
2.openEuler-20.03-LTS-SP1(2.20.0):
3.openEuler-20.03-LTS-SP4(2.20.0):
4.openEuler-22.03-LTS:
5.openEuler-22.03-LTS-Next:
6.openEuler-22.03-LTS-SP1:
7.openEuler-22.03-LTS-SP2:
8.openEuler-22.03-LTS-SP3:
9.openEuler-24.03-LTS(2.46.0):

原因说明：
1.master(2.53.3):
2.openEuler-20.03-LTS-SP4(2.20.0):
3.openEuler-22.03-LTS-SP1:
4.openEuler-22.03-LTS-SP3:
5.openEuler-22.03-LTS-SP4:
6.openEuler-24.03-LTS(2.46.0):
7.openEuler-24.03-LTS-Next(2.46.0):
8.openEuler-24.03-LTS-SP1: