An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
https://www.red4sec.com/cve/netdata_header_injection.txt
https://github.com/netdata/netdata/pull/4521
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca