SQL injection in /api/tsdb/query in grafana

Grafana 9.1 has a new feature that allows you to create Public Dashboards without allowing users to inject arbitrary queries!