VYPR

Metabase

by Metabase

Source repositories

CVEs (24)

  • CVE-2022-39361Oct 26, 2022
    risk 0.00cvss epss 0.01

    Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is…

  • CVE-2022-24854Apr 14, 2022
    risk 0.00cvss epss 0.01

    Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database,…

  • CVE-2022-24855Apr 14, 2022
    risk 0.00cvss epss 0.01

    Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links…

  • CVE-2018-0697Nov 15, 2018
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 2 of 2