CVE-2021-41277

unknown KEV

Published 2024-11-12 · Modified 2024-11-12

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.

CISA KEV

Vendor: Metabase
Product: Metabase
Due date: 2024-12-03

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277

Exploits

References

https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277

Verify integrity in audit chain (admin only). AS-IS.