CVE-2022-43776

CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.

Source: CVE-2022-43776

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다