admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/41xxx/CVE-2021-41277.json
advisory-db[bot] 75ef67e5f4
Add CVE-2021-41277 for GHSA-w73v-6p7p-fpfr 
Add CVE-2021-41277 for GHSA-w73v-6p7p-fpfr
2021-11-17 19:59:59 +00:00

91 lines
3.5 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41277",
"STATE": "PUBLIC",
"TITLE": "GeoJSON URL validation can expose server files and environment variables to unauthorized users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "< 0.40.5"
},
{
"version_value": ">= 1.0.0, < 1.40.5"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If youre unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr"
},
{
"name": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0",
"refsource": "MISC",
"url": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0"
}
]
},
"source": {
"advisory": "GHSA-w73v-6p7p-fpfr",
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink