CVE-2025-50467

Medium CVSS: 6.5

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

Vendor

Open-metadata

Product

Openmetadata

CWE

CWE-89

Yayın Tarihi

2025-08-08 17:15:29

Güncelleme

2025-08-11 14:49:15

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Openmetadata MEDIUM Open-metadata 2025

Referanslar

https://gist.github.com/javadk/ed0d38e4578405672f154e289036a705 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3527 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3528

Benzer Kayıtlar

High

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines…

High

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server…

Medium

CVE-2025-50468

OpenMetadata

High

CVE-2025-50465

OpenMetadata

High

CVE-2025-50466

OpenMetadata

High

CVE-2024-55238

OpenMetadata