CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Inserito da Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability, which was classified as critical, has been found in open-metadata OpenMetadata up to 1.2.3. This issue affects the function CompiledRule::validateExpression of the file /api/v1/policies/validation/condition/. The manipulation leads to code injection.

The identification of this vulnerability is CVE-2024-28848. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Post correlati

CVE-2024-36742 | Oneflow 0.9.1 oneflow.scatter_nd denial of service

CVE-2024-1825 | CodeAstro House Rental Management System 1.0 User Registration Page address cross site scripting

CVE-2024-0977 | narinder-singh Timeline Widget for Elementor Plugin up to 1.5.3 on WordPress Image URL cross site scripting

CVE-2024-42789 | Kashipara Music Management System 1.0 controller.php page cross site scripting