Nneonneoon

**Name of the Vulnerable Software and Affected Versions** Metabase open source versions prior to 0.46.6.1 Metabase Enterprise versions prior to 1.46.6.1 **Description** The issue allows attackers to execute arbitrary commands on the server at the server's privilege level without requiring authentication. Over 5,000 instances are potentially vulnerable to attacks. The vulnerability resides within the Metabase API endpoint: "/api/setup/validate". It enables remote attackers to bypass existing security restrictions and execute arbitrary code. **Recommendations** For Metabase open source versions prior to 0.46.6.1, update to version 0.46.6.1 or later. For Metabase Enterprise versions prior to 1.46.6.1, update to version 1.46.6.1 or later. As a temporary workaround, consider restricting access to the "/api/setup/validate" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AdBlock versions prior to 3.45.0 **Description** The issue allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. **Recommendations** For versions prior to 3.45.0, update to version 3.45.0 or later to resolve the issue.