Code Monkey home page Code Monkey logo

cve-2021-41277's Introduction

CVE-2021-41277

Usage

1. show help info

~/CVE-2021-41277
❯ go run main.go -h                     
Usage of main:
  -f string
        File containing list of targets to verfity
  -o string
        File to write output to (optional)
  -s    Show VulnInfo output
  -t int
        Number of concurrent goroutines for resolving (default 10)
  -u string
        Target to verfity CVE-2021-41277
  -v    Show Verbose output

2. show vuln info

~/CVE-2021-41277
❯ go run main.go -s 
[INF] VulnInfo:
{
  "Name": "Metabase sensitive information leakage",
  "VulID": "CVE-2021-41277",
  "Version": "1.0",
  "Author": "z3",
  "VulDate": "2021-11-20",
  "References": [
    "https://nosec.org/home/detail/4909.html",
    "https://www.freebuf.com/vuls/306858.html"
  ],
  "AppName": "metabase",
  "AppPowerLink": "https://www.metabase.com/",
  "AppVersion": "metabase version \u003c 0.40.5 and metabase version \u003e= 1.0.0, \u003c 1.40.5",
  "VulType": "INFORMATION DISCLOSURE",
  "Description": "Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you\u0026#8217;re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.",
  "Category": "REMOTE",
  "Dork": {
    "Fofa": "app=\"metabase\"",
    "Quake": "",
    "Zoomeye": "",
    "Shodan": ""
  }
}%

3. execute detect

cat test.txt | go run main.go -t 20 -v

cve-2021-41277's People

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.