CVE-2025-50468

Medium CVSS: 6.5

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

Vendor

Open-metadata

Product

Openmetadata

CWE

CWE-89

Yayın Tarihi

2025-08-08 17:15:29

Güncelleme

2025-08-11 14:49:32

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Openmetadata MEDIUM Open-metadata 2025

Referanslar

https://gist.github.com/javadk/0be29d2bb5a971bc09f3410659c83308 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4411 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4412

Benzer Kayıtlar

High

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines…

High

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server…

Medium

CVE-2025-50467

OpenMetadata

High

CVE-2025-50465

OpenMetadata

High

CVE-2025-50466

OpenMetadata

High

CVE-2024-55238

OpenMetadata