Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:59 a.m.7 views

CVE-2024-28253

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.6AI score0.12527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.14 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.7AI score0.12527EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.26 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.9AI score0.12527EPSS
Exploits0References6
OSV
OSV
added 2024/03/15 7:55 p.m.9 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.3AI score0.12527EPSS
Exploits0References8
CVE
CVE
added 2024/03/15 7:55 p.m.130 views

CVE-2024-28253

OpenMetadata (policy handling) is affected by a SpEL injection in PUT /api/v1/policies. The vulnerability arises because SpEL expressions are evaluated in PolicyRepository.prepare() before authorization checks, allowing an attacker to craft a policy payload that executes arbitrary code via a runt...

9.4CVSS9.7AI score0.12527EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder