Remote OS Command Injection

I have run Zap scanning tool on my Grafana Project. we are using grafana 6.7.3 version.
Zap has reported Remote OS Command Injection alert of high severity. Below is detail of Alert -

Description Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.
URL http://<IpAddress>/api/admin/users
Method POST
Parameter email
Attack <email>"&timeout /T 15&"
URL http://<IpAddress>/api/admin/users
Method POST
Parameter login
Attack <name>"&sleep 15&"

Could you please let me know the resolution for the same.



it seems to be high risk vulnerability under -

can some one respond how to overcome from this vulnerability.