PT-2022-24930 · Metabase · Metabase

Abrahack · Published 2022-10-26 · Updated 2022-10-28 · CVE-2022-39362

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9

Description

The issue concerns the automatic execution of unsaved SQL queries, which could pose a possible attack vector. Metabase has addressed this by no longer automatically executing ad-hoc native queries, instead giving users the option to manually run the query.

Recommendations

For versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, update to version 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, or 1.41.9 to prevent automatic execution of unsaved SQL queries. As a temporary workaround, consider disabling the automatic execution of ad-hoc native queries until a patch is available.

Related Identifiers

CVE-2022-39362
GHSA-93WJ-FGJG-R238

Affected Products

Metabase