Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs
Vulnerability Description
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Metabase 输入验证错误漏洞
Vulnerability Description
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 存在安全漏洞,该漏洞源于自定义 GeoJSON 地图 URL 地址将跟随重定向到否则不允许的地址,例如链接本地或专用网络。
CVSS Information
N/A
Vulnerability Type
N/A