Vulnerability Information
Vulnerability Title
Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Vulnerability Description
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of the local link access protection in the GeoJson endpoint. Self-hosted Metabase instances that use the GeoJson feature could potentially be impacted if Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround.
CVSS Information
N/A
Vulnerability Type
Improper Link Resolution Before File Access (Link Following)
Vulnerability Title
Metabase Link Following Vulnerability
Vulnerability Description
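Metabase is an open-source data analytics platform from Metabase, a US company. Metabase versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 contain a link following vulnerability, which stems from the local link access protection in the GeoJson endpoint being bypassed.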
CVSS Information
N/A
Vulnerability Type
N/A