CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

Inserito da Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability classified as critical has been found in open-metadata OpenMetadata up to 1.2.3. This affects the function AlertUtil::validateExpression of the file /api/v1/events/subscriptions/validation/condition/. The manipulation leads to os command injection.

This vulnerability is uniquely identified as CVE-2024-28254. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

Post correlati

CVE-2024-42461 | Elliptic Package 6.5.6 on Node.js ECDSA Signature signature verification

CVE-2024-20763 | Adobe Animate 2023/Animate 2024 out-of-bounds (APSB24-19)

CVE-2024-27958 | Themeisle Visualizer Plugin up to 3.10.5 on WordPress cross site scripting

CVE-2024-33941 | Avirtum iPanorama 360 WordPress Virtual Tour Builder Plugin authorization