CVE-2022-39358 Information

Description

Metabase is data visualization software. Prior to versions 0.44.5 1.44.5 0.43.7 1.43.7 0.42.6 and 1.42.6 it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5 1.44.5 0.43.7 1.43.7 0.42.6 and 1.42.6.

Reference

https://github.com/metabase/metabase/security/advisories/GHSA-8qgm-9mj6-36h3