{
  "id": "CVE-2024-9264",
  "summary": "Grafana SQL Expressions allow for remote code execution",
  "details": "The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.",
  "aliases": ["BIT-grafana-2024-9264", "GHSA-q99m-qcv4-fpm7", "GO-2024-3215"],
  "modified": "2026-05-18T05:59:07.534921169Z",
  "published": "2024-10-18T03:20:52.489Z",
  "related": [
    "CGA-3mqw-v2g6-57gg",
    "SUSE-SU-2024:3911-1",
    "SUSE-SU-2025:01985-1",
    "SUSE-SU-2025:01987-1",
    "SUSE-SU-2025:01989-1",
    "SUSE-SU-2025:01991-1",
    "openSUSE-SU-2024:0350-1",
    "openSUSE-SU-2024:14431-1",
    "openSUSE-SU-2024:14447-1",
    "openSUSE-SU-2026:20654-1"
  ],
  "database_specific": {
    "cwe_ids": ["CWE-94"],
    "cna_assigner": "GRAFANA",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9264.json"
  },
  "references": [
    {"type": "WEB", "url": "https://github.com/grafana/grafana/"},
    {"type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9264.json"},
    {"type": "ADVISORY", "url": "https://grafana.com/security/security-advisories/cve-2024-9264/"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9264"},
    {"type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20250314-0007/"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/grafana/grafana",
          "events": [
            {"introduced": "c57667e4481563f5e6cf945b03bc0626caa4dbeb"},
            {"fixed": "c47b921ef40c0c411e9bad2cac05eb6c540c0979"}
          ]
        }
      ],
      "database_specific": {
        "source": "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9264.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {"type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}
  ]
}