CVE-2025-50466

High CVSS: 7.1

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

Vendor

Open-metadata

Product

Openmetadata

CWE

CWE-89

Yayın Tarihi

2025-08-08 17:15:28

Güncelleme

2025-08-11 14:48:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Openmetadata HIGH Open-metadata 2025

Referanslar

https://gist.github.com/javadk/aa7b5eb6f0fca2fbc334129b7572c7c6 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3521 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3522 https://gist.github.com/javadk/aa7b5eb6f0fca2fbc334129b7572c7c6

Benzer Kayıtlar

High

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines…

High

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server…

Medium

CVE-2025-50467

OpenMetadata

Medium

CVE-2025-50468

OpenMetadata

High

CVE-2025-50465

OpenMetadata

High

CVE-2024-55238

OpenMetadata