Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:4 a.m.7 views

CVE-2024-28847

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

8.8CVSS8.9AI score0.02372EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/04/24 5:6 p.m.5 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28847 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.2.3)

org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28847 Source advisory: OSV:GHSA-8P5R-6MVV-2435...

8.8CVSS7.8AI score0.02372EPSS
Exploits1
NVD
NVD
added 2024/03/15 8:15 p.m.21 views

CVE-2024-28847

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

8.8CVSS9AI score0.02372EPSS
Exploits1References6
CVE
CVE
added 2024/03/15 7:55 p.m.114 views

CVE-2024-28847

OpenMetadata contains a SpEL (Spring Expression Language) injection in PUT /api/v1/events/subscriptions. The vulnerability stems from AlertUtil.validateExpression invoked by EventSubscriptionRepository.prepare(), called during EntityRepository.prepareInternal() as part of createOrUpdate flow, all...

8.8CVSS9AI score0.02372EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.41 views

CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

8.8CVSS9.2AI score0.02372EPSS
Exploits1References6
Circl
Circl
added 2024/03/15 6:11 a.m.6 views

CVE-2024-28847

creationtimestamp| type| source ---|---|--- 2024-03-15 06:11:53+00:00| published-proof-of-concept| https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435 2024-03-15 21:22:18+00:00| seen| https://t.me/ctinow/209162 2024-03-15 21:26:31+00:00| seen|...

8.8CVSS7.5AI score0.02372EPSS
Exploits1References8
Rows per page
Query Builder