CVE-2021-41277 — Metabase GeoJSON API Local File Inclusion Vulnerability

Description

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.

No package mapping is available — consult the references below for vendor-specific guidance.

Yes — CVE-2021-41277 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

No package mapping in OSV.