CVE-2021-41277
Metabase GeoJSON API Local File Inclusion Vulnerability
CVSS
—
No CVSS
EPSS
97.2%
p100
KEV
YES
Nov 12, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
97.2%EPSS · 30 days97.2%
2026-06-302026-07-16
Product
Metabase / Metabase
Vulnerability
Metabase GeoJSON API Local File Inclusion Vulnerability
Added to KEV
Nov 12, 2024
Remediate by
Dec 3, 2024
Known ransomware use
No
Summary description
Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277
No related CVEs by CWE or product.