CVE-2018-12972: OpenTSDB vulnerable to OS Command Injection

Severity: Critical

CVSS Score: 9.8

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.