漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Metabase vulnerable to Remote Code Execution via H2
Vulnerability Description
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Metabase 安全漏洞
Vulnerability Description
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 存在安全漏洞,该漏洞源于H2(示例数据库)可以允许远程代码执行(RCE),这可能会被能够在 H2 数据库上编写 SQL 查询的用户滥用。
CVSS Information
N/A
Vulnerability Type
N/A