Maven package
org.open-metadata/openmetadata-service
pkg:maven/org.open-metadata/openmetadata-service
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55238 | — | | | <= 1.4.1 | — | Apr 17, 2025 | OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. |
| CVE-2024-28848 | — | | | < 1.2.4 | 1.2.4 | Mar 15, 2024 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `CompiledRule::validateExpression` method evaluates an SpEL expression using a `StandardEvaluationCon |
| CVE-2024-28847 | — | | | < 1.2.4 | 1.2.4 | Mar 15, 2024 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptio |
| CVE-2024-28253 | — | | | < 1.3.1 | 1.3.1 | Mar 15, 2024 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called fr |