CVE-2021-41277

Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data. Vendor/Product: Metabase Metabase. Added to CISA KEV 2024-11-12; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2021-41277