Grafana — CVE-2024-9264
TL;DR
CVE-2024-9264 is a critical vulnerability in Grafana 11.x where the SQL Expressions feature forwards attacker-controlled SQL to a backend (DuckDB), enabling local file reads (LFI) and, in some setups, remote code execution (RCE). In many config...
blog.interintender.com · 4 min read