{"id":"GO-2024-3170","summary":"Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent","details":"Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent","aliases":["CVE-2024-8996","GHSA-m5gv-m5f9-wgv4"],"modified":"2026-03-17T04:49:22.216737Z","published":"2024-10-09T20:29:23Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-3170"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m5gv-m5f9-wgv4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8996"},{"type":"FIX","url":"https://github.com/grafana/agent/commit/91bab2c05906938d3f8e1e3c61a863f037985299"},{"type":"WEB","url":"https://github.com/grafana/agent/releases/tag/v0.43.2"},{"type":"WEB","url":"https://github.com/grafana/agent/releases/tag/v0.43.3"},{"type":"WEB","url":"https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996"},{"type":"WEB","url":"https://grafana.com/security/security-advisories/cve-2024-8996"}],"affected":[{"package":{"name":"github.com/grafana/agent","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/agent"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.43.3"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3170.json"}}],"schema_version":"1.7.5"}