
cpe:2.3:a:n/a:metabase:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Metabase (4b3e58dc-b619-5581-8681-99cad7c35317)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2025-5895
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:37:25.992994
db.gcve.eu details: Metabase dom.js parseDataUri redos, MEDIUM (4.3)
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue.
Published: 2025-06-09T20:00:19.261Z
Updated: 2025-06-10T15:30:32.919Z
Rationale: Imported from gcve-enriched-dumps CVE data
Identifier: CVE:CVE-2022-43776
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:49:34.033380
db.gcve.eu details: Details available
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
Published: 2022-10-26T00:00:00.000Z
Updated: 2025-05-07T13:33:17.065Z
Rationale: Imported from gcve-enriched-dumps CVE data
