Cybersecurity Alerts

Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-200

References

• https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr
• https://nvd.nist.gov/vuln/detail/CVE-2021-41277