I have run Zap scanning tool on my Grafana Project. we are using grafana 6.7.3 version.
Zap has reported Format String Error alert of medium severity. Below is detail of Alert -
| Medium (Medium) | Format String Error |
|---|---|
| Description | A Format String error occurs when the submitted data of an input string is evaluated as a command by the application. |
| URL | http://<IpAddress>/api/admin/users |
| Method | POST |
| Parameter | password |
| Attack | ZAP%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s |
Could you please let me know the resolution for the same.
Regards,
Abhimanyu