PatchSiren cyber security CVE debrief
CVE-2021-41277 Metabase CVE debrief
CVE-2021-41277 is a local file inclusion vulnerability in Metabase's GeoJSON API that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2024-11-12. A KEV listing means CISA has evidence the issue has been exploited in the wild, so reachable Metabase deployments should be treated as a priority remediation item regardless of their severity score. The supplied records do not include a CVSS score, so prioritization here is driven by the known-exploitation status and by the vendor mitigation guidance that CISA references.
- Vendor
- Metabase
- Product
- Metabase
- CVSS
- Unknown
- CISA KEV
- Listed
- CISA KEV date added
- 2024-11-12
- CISA KEV remediation due date
- 2024-12-03
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Security teams responsible for Metabase deployments, application owners that rely on Metabase, vulnerability management teams tracking KEV items, and incident responders assessing potential exposure to known-exploited web application flaws.
Technical summary
The supplied sources identify the issue as a local file inclusion weakness in Metabase's GeoJSON API, that is, a flaw that lets a requester cause the server to read a local file it should not expose. CISA's KEV entry marks the vulnerability as known exploited and directs defenders to apply vendor mitigations or discontinue use of the product if mitigations are unavailable. No further exploit mechanics, affected version ranges, or remediation specifics are included in the provided corpus; consult the vendor advisory linked from the KEV entry for those.
Defensive priority
High. CISA inclusion in KEV is a strong signal to prioritize mitigation now, especially for any internet-facing or broadly reachable Metabase instance. Use the vendor guidance referenced by CISA as the primary remediation path.
Recommended defensive actions
- Locate all Metabase instances in your environment and confirm whether any are exposed to untrusted users or networks.
- Review the vendor advisory linked from the KEV entry and apply the recommended mitigation or update path as soon as possible.
- If vendor mitigations are unavailable or cannot be applied quickly, follow CISA guidance to discontinue use of the product until risk is reduced.
- Restrict access to Metabase while remediation is underway, with particular attention to the GeoJSON API surface referenced in the vulnerability name.
- Validate remediation by confirming each deployment is running the vendor's fixed release or has the vendor-recommended mitigation in place, and by reviewing access logs for prior requests to the GeoJSON API from untrusted sources.
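The log review in the last two actions can be scripted. The block below is an added example for this debrief, not Metabase code and not part of the CISA record. It assumes, from Metabase's public API layout rather than from the supplied sources, that the GeoJSON proxy lives at /api/geojson and takes the remote location in a url query parameter; requests whose url uses a non-http(s) scheme (such as file:) or contains path traversal are flagged. The log lines are constructed, in nginx "combined" format.

```python
"""Triage web access logs for suspicious requests to Metabase's GeoJSON API.

Added example for this debrief, not Metabase's own code. Assumed, not taken
from the KEV record: the endpoint path /api/geojson and the `url` query
parameter. Sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# nginx "combined" format prefix: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

GEOJSON_PATH = "/api/geojson"      # assumed endpoint path
SAFE_SCHEMES = {"http", "https"}   # anything else is flagged

# Constructed sample log: one legitimate GeoJSON fetch, three suspicious ones,
# one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2024:10:01:02 +0000] "GET /api/geojson?url=file:///etc/passwd HTTP/1.1" 200 1423 "-" "curl/8.4.0"
198.51.100.7 - - [12/Nov/2024:10:01:09 +0000] "GET /api/geojson?url=https://example.org/regions.geojson HTTP/1.1" 200 88213 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Nov/2024:10:02:41 +0000] "GET /api/geojson?url=file%3A%2F%2F%2Fetc%2Fshadow HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.9 - - [12/Nov/2024:10:03:00 +0000] "GET /api/geojson?url=https://example.org/../../etc/hosts HTTP/1.1" 200 301 "-" "curl/8.4.0"
192.0.2.10 - - [12/Nov/2024:10:04:12 +0000] "GET /api/card/12 HTTP/1.1" 200 2211 "-" "Mozilla/5.0"
"""


def classify_url(raw):
    """Return a reason string if the fetched url looks like local file access, else None."""
    target = unquote(raw)            # second decode catches double-encoded values
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme not in SAFE_SCHEMES:
        return f"non-http scheme {scheme or '(none)'!r}"
    if ".." in unquote(parts.path):
        return "path traversal in url"
    return None


def triage(log_text):
    """Return a list of suspicious GeoJSON API requests found in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                 # not a combined-format line; skip it
        req = urlsplit(m["path"])
        if req.path.rstrip("/") != GEOJSON_PATH:
            continue                 # only the GeoJSON endpoint is of interest
        for raw in parse_qs(req.query).get("url", []):   # parse_qs decodes once
            reason = classify_url(raw)
            if reason:
                hits.append({
                    "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                    "url": unquote(raw), "reason": reason,
                })
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["url"]}  <- {h["reason"]}')
```

A hit with HTTP status 200 deserves more attention than a 4xx, since it suggests the server returned content for the request; treat any hit from before the fix was applied as a potential compromise indicator and pivot to that source address.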
Evidence notes
Evidence is limited to the supplied CISA KEV record and official CVE/NVD links. The KEV metadata identifies the vulnerability as 'Metabase GeoJSON API Local File Inclusion Vulnerability,' lists Metabase as the vendor/product, and marks it as known exploited with dateAdded 2024-11-12 and dueDate 2024-12-03. No CVSS score, affected version range, or vendor advisory text was included in the corpus provided here.
Official resources
- CVE-2021-41277 CVE record (CVE.org)
- CVE-2021-41277 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Source item: cisa_kev. Publicly documented known-exploited vulnerability; no exploit instructions or reproduction details included.