CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability classified as critical has been found in open-metadata OpenMetadata up to 1.2.3. This affects the function AlertUtil::validateExpression of the file /api/v1/events/subscriptions/validation/condition/. The manipulation leads to os command injection.

This vulnerability is uniquely identified as CVE-2024-28254. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

Related Posts

CVE-2024-31840 | Italtel 1.6.4 Edit Form sensitive information in source

CVE-2024-34014 | Acronis Backup Plugin for cPanel & WHM on Linux symlink

CVE-2024-25630 | Cilium up to 1.14.6 CRD missing encryption (GHSA-7496-fgv9-xw82)

CVE-2024-21733 | Apache Tomcat up to 8.5.63/9.0.43 Incomplete POST Request information exposure