Vendor
Authenticated administrators in vulnerable Metabase Enterprise editions can achieve Remote Code Execution (RCE) and Arbitrary File Read by injecting an `INIT` property into the H2 JDBC spec via a crafted serialization archive through the `POST /api/ee/serialization/import` endpoint.