CVE-2025-50465

High CVSS: 7.1

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

Vendor

Open-metadata

Product

Openmetadata

CWE

CWE-89

Yayın Tarihi

2025-08-08 17:15:28

Güncelleme

2025-08-11 14:48:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Openmetadata HIGH Open-metadata 2025

Referanslar

https://gist.github.com/javadk/c23cc3276f3fb5587b0f4345d7a71a7f https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3515 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3517

Benzer Kayıtlar

High

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines…

High

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server…

Medium

CVE-2025-50467

OpenMetadata

Medium

CVE-2025-50468

OpenMetadata

High

CVE-2025-50466

OpenMetadata

High

CVE-2024-55238

OpenMetadata