CVE STALKER

CVE-2021-41277

CVSS
DESCRIPTION: Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
HEAT SCORE: 551

TWEETS

DATE  TWEETS  USER
2021-11-25 13:00:08  @HackerGautam I think @trick3st is way better for #CVE-2021-41277 #bugbountytips https://t.co/ejYEeZQQB8  milanshiftsec
2021-11-24 19:42:53  ■■■■■ Zero-Day | CVE-2021-41277 cat targets.txt | while read host do;do curl --silent --insecure --path-as-is "$ho… https://t.co/HSfGZUairF https://twitter.com/i/web/status/1463591650643652609  cKure7
2021-11-24 16:50:40  CVE-2021-41277 🔥👇 ✅ One Liner : cat targets.txt| while read host do;do curl --silent --insecure --path-as-is "$h… https://t.co/FiXmhMObSq https://twitter.com/i/web/status/1463548181904457730  HackerGautam
2021-11-24 10:42:17  🚩New vulnerability: Metabase Arbitrary File Read (CVE-2021-41277) (RedTeam version) #Goby #CVE More Vulnerabilitie… https://t.co/bK2n8trHjU https://twitter.com/i/web/status/1463454928483930122  GobySec
2021-11-24 10:01:47  Metabase_CVE-2021-41277 Payload ⤵️ https://t.co/JoZOd6qJJU #infosec #cybersecurity https://t.co/9xrLNGulwL https://github.com/Vulnmachines/Metabase_CVE-2021-41277  RapidSafeguard
2021-11-23 18:32:28  CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html  Har_sia
2021-11-23 16:24:21  Severity: 🔥🔥 | Metabase is an open source data analytic... | CVE-2021-41277 | Link for more: https://t.co/0Z4Gqp4uq6 http://alerts.remotelyrmm.com/CVE-2021-41277  RemotelyAlerts
2021-11-23 16:01:13  New post from https://t.co/uXvPWJy6tj (CVE-2021-41277 (metabase)) has been published on https://t.co/DeH2R2sjSK http://www.sesin.at https://www.sesin.at/2021/11/23/cve-2021-41277-metabase/  WolfgangSesin
2021-11-23 16:01:02  New post from https://t.co/9KYxtdZjkl (CVE-2021-41277 (metabase)) has been published on https://t.co/knTBP1HzWe http://www.sesin.at https://www.sesin.at/2021/11/23/cve-2021-41277-metabase/  www_sesin_at
2021-11-23 16:00:36  CVE-2021-41277 - https://t.co/tMhL4UPrpF #Uncategorized #cybersecurity https://www.redpacketsecurity.com/cve-2021-41277/  RedPacketSec
2021-11-23 15:10:49  CVE-2021-41277 https://t.co/ehh40ffaYV #HarsiaInfo https://har-sia.info/CVE-2021-41277.html  Har_sia
2021-11-23 14:50:16  🚨 NEW: CVE-2021-41277 🚨 Metabase is an open source data analytics platform. In affected versions a security issue h… https://t.co/vmcIhosCz7 https://twitter.com/i/web/status/1463157775782006796  threatintelctr
2021-11-23 00:51:08  14 new OPEN, 26 new PRO (14 + 12). CVE-2021-41277, CVE-2021-42321, CobaltStrike, Candiru, Various Others. Thanks… https://t.co/QA9QFLkTCs https://twitter.com/i/web/status/1462945889530568708  ET_Labs
2021-11-23 00:30:37  Exploit for CVE-2021-41277 https://t.co/JzUwBHe9jO #Exploit #Sploitus https://sploitus.com/exploit?id=A45EBD6B-F466-52E0-B3AD-4EF6DCAFF37E  sploitus_com
2021-11-22 21:30:32  expbox/CVE-2021-41277.yaml at main · 0x0021h/expbox · GitHub https://t.co/0nocVKzcLa https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml  Securityblog
2021-11-22 15:10:25  CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html  Har_sia
2021-11-22 14:20:34  @daffainfo @shaybt12 cat domains.mkd | httpx | nuclei -t nuclei-templates/cves/2021/CVE-2021-41277.yaml why not this??  Jacklsd1
2021-11-22 10:50:12  CVE-2021-41277: Metabase local file inclusion vulnerability alert https://t.co/TsMZwFO5bG #opensource #infosec #security #pentest https://securityonline.info/cve-2021-41277-metabase-local-file-inclusion-vulerability-alert/  the_yellow_fall
2021-11-22 10:50:06  CVE-2021-41277: Metabase local file inclusion vulnerability alert https://t.co/d7ntLaScX3 https://t.co/chDcBPways http://dlvr.it/SCygSs  AcooEdi
2021-11-22 09:00:10  #bugbountytips #bugbounty #CVE-2021-41277 Metabase Custom GeoJSON Map file inclusion https://domain/api/geojson?u… https://t.co/l5aElFAyR1 https://twitter.com/i/web/status/1462706241075957767  cycatz2
2021-11-22 02:30:06  CVE-2021-41277 MetaBase Arbitrary File Read MetaBase < 0.40.5 1.0.0 <= MetaBase < 1.40.5 https://t.co/l0dtoASpMs… https://t.co/tNOn17iUMd https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://twitter.com/i/web/status/1462607917027184642  NandanLohitaksh
2021-11-21 18:40:06  Tips to ur hunts! httpx for CVE-2021-41277, look: httpx -l IPlist.txt -follow-redirects -title -path /api/geojson?… https://t.co/m70u4FrVCb https://twitter.com/i/web/status/1462489182090182657  SidiJunior
2021-11-21 15:10:17  CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html  Har_sia
2021-11-21 15:00:03  @youlookdreamy on list of IP its find if there vuln to CVE-2021-41277 if you give it automation with shodan and nuc… https://t.co/oJqjpaIVnG https://twitter.com/i/web/status/1462435166375366666  shaybt12
2021-11-21 13:50:05  @shaybt12 echo "https://t.co/6jKKc48dKf" | httpx | nuclei -t nuclei-templates/cves/2021/CVE-2021-41277.yaml U can do this too! http://site.com  daffainfo
2021-11-21 12:30:07  Gebutcher's notes https://t.co/xs9yAeHjtB Arbitrary file read in Metabase (CVE-2021-41277) Metabase is a pl… https://t.co/OSfJvClUSs https://t.me/gebutcher/5400 https://twitter.com/i/web/status/1462397155725955083  gebutcher
2021-11-21 12:10:07  Arbitrary file read in Metabase (CVE-2021-41277) Metabase is a data analytics platform with open sour… https://t.co/tVIjYTxHmZ https://twitter.com/i/web/status/1462391474406973446  hack_git
2021-11-21 06:10:05  #CVE-2021-41277: MetaBase Arbitrary File Read https://t.co/vheHCACeX5 #exploit https://t.co/plcfhzsbFc https://t.co/p05UaQ0YmK https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://t.me/hackgit/2039  hack_git
2021-11-21 02:50:06  New post: "CVE-2021-41277 MetaBase Arbitrary File Read" https://t.co/LjPvvUctCO https://ift.tt/30SpsRo  Myinfosecfeed
2021-11-21 02:00:05  CVE-2021-41277 MetaBase Arbitrary File Read via /r/netsec https://t.co/vLYOZZrVjk #cybersecurity #netsec #news https://ift.tt/3DJXp5a  CybrXx0
2021-11-21 01:30:13  CVE-2021-41277 MetaBase Arbitrary File Read https://t.co/ovYMVELLXi https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml  _r_netsec
2021-11-21 01:20:14  CVE-2021-41277 MetaBase Arbitrary File Read MetaBase < 0.40.5 1.0.0 <= MetaBase < 1.40.5 https://t.co/TtJHu6lvr1… https://t.co/hhhHyziUzR https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://twitter.com/i/web/status/1462228254702641158  0x0021h
2021-11-20 18:10:09  httpx for CVE-2021-41277 httpx -l IPlist.txt -follow-redirects -title -path /api/geojson?url=file:///etc/passwd -m… https://t.co/fQ9nvJLRIL https://twitter.com/i/web/status/1462120496129003522  shaybt12
2021-11-20 13:41:01  heuheu 😉 CVE-2021-41277 https://t.co/9qpik89abI  Wayc0de
2021-11-20 12:20:09  If you use Metabase < 0.40.5 you should patch your instance ASAP CVE-2021-41277 (Metabase LFI) is very easy to ex… https://t.co/v0mdxtepHk https://twitter.com/i/web/status/1462030479071318017  mercuryheavens
2021-11-20 11:20:14  CVE-2021-41277 POC Metabase is an open source data analytics platform. In affected versions a security issue has be… https://t.co/EBWTmnsca0 https://twitter.com/i/web/status/1462016005174140938  Mohamed87Khayat
2021-11-20 05:10:06  Metabase sensitive information disclosure CVE-2021-41277 GET /api/geojson?url=file:/etc/passwd HTTP/1.1 Host: ... https://t.co/0jJqDHIr9e  90security
2021-11-19 15:37:10  Metabase File read CVE-2021-41277 https://t.co/JD89hVu24I  r4v3zn
2021-11-18 00:43:26  New post from https://t.co/uXvPWJy6tj (CVE-2021-41277) has been published on https://t.co/c9lbMqyFey http://www.sesin.at https://www.sesin.at/2021/11/18/cve-2021-41277/  WolfgangSesin
2021-11-18 00:42:26  New post from https://t.co/9KYxtdZjkl (CVE-2021-41277) has been published on https://t.co/0elHOPWCmg http://www.sesin.at https://www.sesin.at/2021/11/18/cve-2021-41277/  www_sesin_at
2021-11-17 23:20:35  Let the annals of the day show that CVE-2021-41277... has been granted the moniker Thankless Mojarra https://t.co/iBD0k2jadY https://nvd.nist.gov/vuln/detail/CVE-2021-41277  vulnonym
2021-11-17 22:20:57  CVE-2021-41277 Metabase is an open source data analytics platform. In af... https://t.co/rSUAIYpwzO Don't wait v… https://t.co/9InZF6mhxS http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-41277 https://twitter.com/i/web/status/1461095849178673154  VulmonFeeds
2021-11-17 20:50:14  CVE-2021-41277 Metabase is an open source data analytics platform. In affected versions a security issue has been d… https://t.co/vzLpKLZb40 https://twitter.com/i/web/status/1461073016973111303  CVEnew
2021-11-17 20:20:10  CVE-2021-41277 : Metabase is an open source data analytics platform. In affected versions a security issue has been… https://t.co/1fCQ8Tcntz https://twitter.com/i/web/status/1461066257323724811  CVEreport