CVE-2024-28253 | open-metadata OpenMetadata up to 1.3.0 validateExpression code injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability was found in open-metadata OpenMetadata up to 1.3.0. It has been rated as critical. Affected by this issue is the function CompiledRule::validateExpression. The manipulation leads to code injection.

This vulnerability is handled as CVE-2024-28253. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28253 | open-metadata OpenMetadata up to 1.3.0 validateExpression code injection

Related Posts

CVE-2024-41819 | enchant97 note-mark up to 0.13.0 URL cross site scripting (GHSA-rm48-9mqf-8jc3)

CVE-2024-30347 | Foxit PDF Reader U3D File Parser out-of-bounds

CVE-2024-23937 | Silicon Labs Gecko OS Debug Interface format string

CVE-2023-52883 | Linux Kernel up to 6.5.8 amdgpu_vm_bo_update null pointer dereference (fefac8c4686f/51b79f338175)