logo

CVE-2021-41277 - Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2021-41277

Metabase | Metabase

  • Date Added:
  • 2024-11-12
  • Due Date:
  • 2024-12-03
Vulnerability Name

Metabase GeoJSON API Local File Inclusion Vulnerability

Description

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277

Free security scan for your website