CVE-2024-55238

High CVSS: 7.1

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

Vendor

Open-metadata

Product

Openmetadata

CWE

CWE-89

Yayın Tarihi

2025-04-17 16:15:27

Güncelleme

2025-04-24 12:47:25

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Openmetadata HIGH Open-metadata 2025

Referanslar

https://gist.github.com/javadk/68c597cdb94768dab31a3219c2ad9904 https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4243 https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4247 https://gist.github.com/javadk/68c597cdb94768dab31a3219c2ad9904

Benzer Kayıtlar

High

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines…

High

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server…

Medium

CVE-2025-50467

OpenMetadata

Medium

CVE-2025-50468

OpenMetadata

High

CVE-2025-50465

OpenMetadata

High

CVE-2025-50466

OpenMetadata