CVE-2022-39359

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39359

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39359.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39359

Related

GHSA-w5j7-4mgm-77f4

Published

2022-10-26T19:15:12Z

Modified

2025-01-15T02:36:50.125133Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable MB_CUSTOM_GEOJSON_ENABLED was also added to disable custom GeoJSON completely (true by default).

References

Affected packages

Git / github.com/metabase/metabase

Affected ranges

Type: GIT
Repo: https://github.com/metabase/metabase
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

057e2d67fcbeb6b48db68b697e022243e3a5771e

Fixed

057e2d67fcbeb6b48db68b697e022243e3a5771e

Affected versions

0.*

0.10.3

0.34.0-rc1

Other

blah

v20150601-alpha

v20150603-alpha

v20150604-alpha

prettier-1.*

prettier-1.17.0-package

release-0.*

release-0.32.2

v0.*

v0.10.0

v0.10.3

v0.10.4

v0.10.4.1

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.12.0

v0.12.0-test

v0.12.1

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.14.0

v0.14.1

v0.15.0

v0.15.1

v0.16.0

v0.16.1

v0.17.0

v0.17.1

v0.18.0

v0.18.1

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.20.0

v0.20.1

v0.20.2

v0.20.3

v0.21.0

v0.21.0-rc2

v0.21.0-rc3

v0.21.1

v0.22.0

v0.22.1

v0.23.0

v0.23.0.RC2

v0.23.0.RC3

v0.23.0.RC4

v0.23.1

v0.24.0

v0.24.0.RC1

v0.24.0.RC2

v0.24.0.RC3

v0.24.0.RC4

v0.24.1

v0.24.2

v0.25.0

v0.25.0.RC1

v0.25.0.RC2

v0.26.0

v0.26.0.RC1

v0.26.0.RC2

v0.26.1

v0.28.0

v0.28.0-RC

v0.28.0-RC2

v0.28.0-RC3

v0.28.0.RC1

v0.28.1

v0.29.0

v0.29.0-RC1

v0.29.1

v0.29.2

v0.29.3

v0.30.0

v0.30.0-rc

v0.30.1

v0.30.2

v0.30.3

v0.30.4

v0.31.0

v0.31.0-RC1

v0.31.1

v0.31.2

v0.32.0

v0.32.0-RC1

v0.32.0-RC2

v0.32.1

v0.32.2

v0.32.3

v0.32.4

v0.32.5

v0.32.6

v0.32.7

v0.32.8

v0.33.0

v0.33.0-RC1

v0.33.1

v0.33.2

v0.33.3

v0.33.4

v0.33.5

v0.33.5.1

v0.33.6

v0.33.7

v0.33.7.1

v0.33.7.2

v0.33.7.3

v0.34.0

v0.34.1

v0.34.1-rc-test

v0.34.2

v0.34.3

v0.35.0

v0.35.0-rc1

v0.35.0-rc2

v0.35.1

v0.35.2

v0.35.3

v0.35.4

v0.36.0

v0.36.0-rc1

v0.36.0-snapshot

v0.36.1

v0.36.2

v0.36.3

v0.36.4

v0.36.5

v0.36.5.1

v0.36.6

v0.36.7

v0.36.8

v0.36.8.1

v0.37.0

v0.37.0-rc2

v0.37.0.1

v0.37.0.2

v0.37.1

v0.37.2

v0.37.3

v0.37.4

v0.37.5

v0.37.6

v0.37.7

v0.37.8

v0.38.0

v0.38.0-preview

v0.38.0-rc1

v0.38.0-rc2

v0.38.0-rc3

v0.38.0-rc4

v0.38.0-rc5

v0.38.0.1

v0.38.1

v0.38.2

v0.38.3

v0.38.4

v0.39.0

v0.39.0-rc1

v0.39.0-rc2

v0.39.0.1

v0.39.1

v0.39.2

v0.39.3

v0.39.4

v0.40.0

v0.40.0-rc1-dan

v0.40.0-rc2

v0.41.0-RC1

v0.42.0-preview1

v0.43.0-rc1

v0.44.0

v0.44.0-RC1

v0.44.0-RC2

v0.44.0-RC3

v0.44.1

v0.44.2

v0.44.3

v0.44.4

v0.9-final

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.37.0.2

v1.37.1

v1.37.1.1

v1.37.1.2

v1.37.2

v1.37.3

v1.37.4

v1.37.5

v1.37.6

v1.37.7

v1.37.8

v1.38.0

v1.38.0.1

v1.38.1

v1.38.1-migration

v1.38.2

v1.38.3

v1.38.4

v1.39.0

v1.39.0.1

v1.39.1

v1.39.2

v1.39.3

v1.39.4

v1.40.0

v1.40.0-rc2

v1.41.0-RC1

v1.42.0-preview1

v1.42.0-rc2

v1.43.0-rc1

v1.44.0

v1.44.0-RC1

v1.44.0-RC2

v1.44.0-RC3

v1.44.1

v1.44.2

v1.44.3

v1.44.4