CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability, which was classified as critical, has been found in open-metadata OpenMetadata up to 1.2.3. This issue affects the function CompiledRule::validateExpression of the file /api/v1/policies/validation/condition/. The manipulation leads to code injection.

The identification of this vulnerability is CVE-2024-28848. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

Related Posts

CVE-2024-0400 | Hitachi Energy MACH SCM up to 4.38 LINQ Query code injection

CVE-2024-5385 | oretnom23 Online Car Wash Booking System 1.0 /admin/ First Name/Last Name cross site scripting

CVE-2024-28829 | Checkmk mk_informix Agent Plugin up to 2.0.0p39/2.1.0p46/2.2.0p31/2.3.0p11 least privilege violation

CVE-2022-36764 | TianoCore EDK2 up to 202311 Tcg2MeasurePeImage heap-based overflow (GHSA-4hcq-p8q8-hj8j)