Description
Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)
PHP-Fusion Authentication Bypass by Capture-replay Vulnerability (CVE-2020-23178)
WordPress Plugin Mail logging-WP Mail Catcher Cross-Site Scripting (2.1.2)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7890)