CVE-2022-39361— Metabase vulnerable to Remote Code Execution via H2
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-39361
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Metabase vulnerable to Remote Code Execution via H2
Source: NVD (National Vulnerability Database)
Vulnerability Description
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Metabase 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 存在安全漏洞,该漏洞源于H2(示例数据库)可以允许远程代码执行(RCE),这可能会被能够在 H2 数据库上编写 SQL 查询的用户滥用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-39361
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-39361
请登录查看更多情报信息。
Same Patch Batch · metabase · 2022-10-26 · 5 CVEs total
| CVE-2022-39362 | 8.8 HIGH | Metabase vulnerable to arbitrary SQL execution from queryhash |
| CVE-2022-39358 | 6.5 MEDIUM | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding |
| CVE-2022-39359 | 6.5 MEDIUM | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs |
| CVE-2022-39360 | 6.5 MEDIUM | Metabase SSO users able to circumvent IdP login by doing password reset |
IV. Related Vulnerabilities
Same product: metabase
- CVE-2026-33725
Metabase vulnerable to RCE and Arbitrary File Read via H2 JD - CVE-2026-27464
Metabase: Server-Side Template Injection via Notifications E - CVE-2026-22805
Metabase channel test endpoint can reach internal local addr - CVE-2025-5895
Metabase dom.js parseDataUri redos - CVE-2025-32382
Snowflake credentials logged by the Metabase backend
Same vendor: metabase
- CVE-2026-33725
Metabase vulnerable to RCE and Arbitrary File Read via H2 JD - CVE-2026-27464
Metabase: Server-Side Template Injection via Notifications E - CVE-2026-22805
Metabase channel test endpoint can reach internal local addr - CVE-2025-32382
Snowflake credentials logged by the Metabase backend - CVE-2025-30371
Metabase vulnerable to circumvention of local link access pr
Same weakness: CWE-20
V. Comments for CVE-2022-39361
No comments yet