CVE-2021-41277: GeoJSON URL validation can expose server files and environment variables to unauthorized users

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-41277

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

GeoJSON URL validation can expose server files and environment variables to unauthorized users

Source: NVD (National Vulnerability Database)

Vulnerability Description

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Metabase 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 中存在路径遍历漏洞，该漏洞源于产品的 admin->settings->maps->custom maps->add a map 操作缺少权限验证。攻击者可通过该漏洞获得敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
metabase	metabase	< 0.40.5	-

II. Public POCs for CVE-2021-41277

#	POC Description	Source Link	Shenlong Link
1	Metabase任意文件读取漏洞批量扫描工具	https://github.com/Seals6/CVE-2021-41277	POC Details
2	PoC for CVE-2021-41277	https://github.com/tahtaciburak/CVE-2021-41277	POC Details
3	Metabase 任意文件读取	https://github.com/Henry4E36/Metabase-cve-2021-41277	POC Details
4	MetaBase 任意文件读取漏洞 fofa批量poc	https://github.com/kap1ush0n/CVE-2021-41277	POC Details
5	simple program for exploit metabase	https://github.com/z3n70/CVE-2021-41277	POC Details
6	plugin made for LeakiX	https://github.com/kaizensecurity/CVE-2021-41277	POC Details
7	None	https://github.com/Vulnmachines/Metabase_CVE-2021-41277	POC Details
8	Metabase GeoJSON map local file inclusion	https://github.com/TheLastVvV/CVE-2021-41277	POC Details
9	None	https://github.com/zer0yu/CVE-2021-41277	POC Details
10	CVE-2021-41277 can be extended to an SSRF	https://github.com/sasukeourad/CVE-2021-41277_SSRF	POC Details
11	It is a nmap script for metabase vulnerability (CVE-2021-41277)	https://github.com/frknktlca/Metabase_Nmap_Script	POC Details
12	MetaBase 任意文件读取	https://github.com/Chen-ling-afk/CVE-2021-41277	POC Details
13	None	https://github.com/RubXkuB/PoC-Metabase-CVE-2021-41277	POC Details
14	MetaBase 任意文件读取	https://github.com/chengling-ing/CVE-2021-41277	POC Details
15	It is a nmap script for metabase vulnerability (CVE-2021-41277)	https://github.com/grey-master-a/Metabase_Nmap_Script	POC Details
16	Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-41277.yaml	POC Details
17	None	https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metabase%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2021-41277.md	POC Details
18	None	https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metabase%20geojson%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2021-41277.md	POC Details
19		https://github.com/vulhub/vulhub/blob/master/metabase/CVE-2021-41277/README.md	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-41277

Please Login to view more intelligence information

https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfrx_refsource_CONFIRM
https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-41277

IV. Related Vulnerabilities

Same product: metabase

Same vendor: metabase

Same weakness: CWE-200

V. Comments for CVE-2021-41277

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-41277

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-41277

III. Intelligence Information for CVE-2021-41277

IV. Related Vulnerabilities

V. Comments for CVE-2021-41277

Leave a comment