All vulnerabilities
CVE-2021-41277
Metabase GeoJSON API Local File Inclusion Vulnerability
Metabase — Metabase
- Added to KEV catalog
- 12 November 2024
- Federal remediation due date
- 3 December 2024
- Weakness classification (CWE)
- CWE-200
CISA Description
Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services