Metabase: >> Metabase >> 0.43.6 Security Vulnerabilities
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-26
Page 2