CVE-2024-28847 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability classified as critical was found in open-metadata OpenMetadata up to 1.2.3. This vulnerability affects the function AlertUtil::validateExpression. The manipulation leads to code injection.

This vulnerability was named CVE-2024-28847. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28847 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Related Posts

CVE-2024-41122 | woodpecker-ci woodpecker up to 2.6.x injection (ID 10)

CVE-2024-26146 | rubygem-rack Header Parser denial of service

CVE-2024-6891 | Journyx jtime 11.5.4 Login Flow code injection

CVE-2024-4189 | OpenText Application Automation Tools Plugin up to 24.1.0 on Jenkins XML File LrScriptResultsParser.java xml external entity reference