VYPR

Maven package

org.open-metadata/openmetadata-service

pkg:maven/org.open-metadata/openmetadata-service

Vulnerabilities (4)

  • CVE-2024-55238Apr 17, 2025
    affected <= 1.4.1

    OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

  • CVE-2024-28848Mar 15, 2024
    affected < 1.2.4fixed 1.2.4

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎CompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationCon

  • CVE-2024-28847Mar 15, 2024
    affected < 1.2.4fixed 1.2.4

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptio

  • CVE-2024-28253Mar 15, 2024
    affected < 1.3.1fixed 1.3.1

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called fr