logo

CVE-2021-41277 - Metabase GeoJSON API Local File Inclusion Vulnerability

Project:Metabase

Product:Metabase

Date Added:2024-11-12Due Date:2024-12-03

Vulnerability Name

Metabase GeoJSON API Local File Inclusion Vulnerability

Description

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr

https://nvd.nist.gov/vuln/detail/CVE-2021-41277