|
|
|
|
|
|
by formerly_proven
1061 days ago
|
|
|
> Extremely severe. An unauthenticated attacker can run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on. Java deserialization strikes another one down, I assume? |
|
|