61 matches found

RedhatCVE
added 2026/01/09 8:54 a.m., 7 views

CVE-2021-41277

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (admin -> settings -> maps -> custom maps -> add a map) support and potential local file inclusion (including environment variables). URLs were not validated prior to being...

CVSS 10 | AI score 6.5 | EPSS 0.94353
Exploits: 5 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-41825

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00217
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-14803

Malicious code in bioql PyPI...

CVSS 2.1 | AI score 6.6 | EPSS 0.00278
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-46746

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00279
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-27393

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00348
Exploits: 0 | References: 5

Tenable Nessus
added 2025/09/09 12:0 a.m., 3 views

Metabase 0.40.x < 0.40.8 / 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4

The version of Metabase installed on the remote host is prior to 1.42.4. It is, therefore, affected by multiple vulnerabilities. - Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a...

CVSS 5.9 | AI score 6 | EPSS 0.09729
Exploits: 1 | References: 5

Tenable Nessus
added 2025/09/09 12:0 a.m., 2 views

Metabase < 0.44.5

The version of Metabase installed on the remote host is prior to 0.44.5. It is, therefore, affected by a vulnerability. The url parameter of the /api/geojson endpoint in Metabase versions 0.44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented b...

CVSS 6.5 | AI score 7.2 | EPSS 0.00279
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 10:11 p.m., 4 views

CVE-2022-39359

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...

CVSS 6.5 | AI score 6.7 | EPSS 0.00217
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/30 3:32 p.m., 17 views

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVSS 2.1 | AI score 6.9 | EPSS 0.00278
Exploits: 0 | References: 1

NVD
added 2025/03/28 3:15 p.m., 8 views

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVSS 2.1 | EPSS 0.00278
Exploits: 0 | References: 1

CVE
added 2025/03/28 2:47 p.m., 83 views

CVE-2025-30371

CVE-2025-30371 affects Metabase (self-hosted) prior to versions v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. The issue is a circumvention of local link access protection in the GeoJson endpoint, potentially impacting deployments where Metabase is colocated with other unsecured resources. Remedia...

CVSS 2.1 | AI score 6.8 | EPSS 0.00278
Exploits: 0 | References: 1

Cvelist
added 2025/03/28 2:47 p.m., 14 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVSS 2.1 | EPSS 0.00278
Exploits: 0 | References: 1

OSV
added 2025/03/28 2:47 p.m., 1 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVSS 2.1 | AI score 6.5 | EPSS 0.00278
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/28 2:47 p.m., 14 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVSS 2.1 | AI score 6.8 | EPSS 0.00278
Exploits: 0 | References: 1

CNNVD
added 2025/03/28 12:0 a.m., 2 views

Metabase backlink vulnerability

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A backlink vulnerability exists in Metabase versions prior to v0.52.16.4, prior to v1.52.16.4, prior to v0.53.8, and prior to v1.53.8, which stems from a bypass of the GeoJson endpoint local link access protection...

CVSS 2.1 | AI score 6.5 | EPSS 0.00278
Exploits: 0 | References: 2

CISA KEV Catalog
added 2024/11/12 12:0 a.m., 13 views

Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data...

CVSS 10 | AI score 6.5 | EPSS 0.94353
In wild | Exploits: 5

OSV
added 2024/03/20 11:15 p.m., 0 views

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVSS 7.2 | AI score 5.8
Exploits: 0 | References: 5

NVD
added 2024/03/20 11:15 p.m., 20 views

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVSS 9.1 | AI score 9.6 | EPSS 0.00348
Exploits: 0 | References: 5

Vulnrichment
added 2024/03/20 11:4 p.m., 12 views

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVSS 9.1 | AI score 7.5 | EPSS 0.00348
Exploits: 0 | References: 5

Cvelist
added 2024/03/20 11:4 p.m., 17 views

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVSS 9.1 | AI score 9.7 | EPSS 0.00348
Exploits: 0 | References: 5