Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/02/05 12:59 a.m.10 views

CVE-2024-28253

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.6AI score0.12527EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/03/15 7:55 p.m.14 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.7AI score0.12527EPSS
Exploits0References6
cvelist
cvelist
added 2024/03/15 7:55 p.m.29 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.9AI score0.12527EPSS
Exploits0References6
cve
cve
added 2024/03/15 7:55 p.m.132 views

CVE-2024-28253

OpenMetadata (policy handling) is affected by a SpEL injection in PUT /api/v1/policies. The vulnerability arises because SpEL expressions are evaluated in PolicyRepository.prepare() before authorization checks, allowing an attacker to craft a policy payload that executes arbitrary code via a runt...

9.4CVSS9.7AI score0.12527EPSS
Exploits0References6Affected Software1
osv
osv
added 2024/03/15 7:55 p.m.10 views

CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.3AI score0.12527EPSS
Exploits0References8
Rows per page
Query Builder