CVE-2024-28847 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability classified as critical was found in open-metadata OpenMetadata up to 1.2.3. This vulnerability affects the function AlertUtil::validateExpression. The manipulation leads to code injection.

This vulnerability was named CVE-2024-28847. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28847 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Related Posts

CVE-2024-29826 | Ivanti Endpoint Manager GetDBPatches sql injection

CVE-2024-45146 | Adobe Dimension SKP File Parser use after free (ZDI-24-1332)

CVE-2024-8108 | Share This Image Plugin up to 2.01 on WordPress alignment cross site scripting

CVE-2024-7059 | Genetec Security Center prior 5.12.2.1 externally-controlled input to select classes or code