6 matches found
CVE-2024-28847
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...
org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28847 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.2.3)
org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28847 Source advisory: OSV:GHSA-8P5R-6MVV-2435...
CVE-2024-28847
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...
CVE-2024-28847
OpenMetadata contains a SpEL (Spring Expression Language) injection in PUT /api/v1/events/subscriptions. The vulnerability stems from AlertUtil.validateExpression invoked by EventSubscriptionRepository.prepare(), called during EntityRepository.prepareInternal() as part of createOrUpdate flow, all...
CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...
CVE-2024-28847
creationtimestamp| type| source ---|---|--- 2024-03-15 06:11:53+00:00| published-proof-of-concept| https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435 2024-03-15 21:22:18+00:00| seen| https://t.me/ctinow/209162 2024-03-15 21:26:31+00:00| seen|...