Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:1 a.m.16 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.7AI score0.07888EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/04/24 5:6 p.m.4 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28848 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.2.3)

org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28848 Source advisory: OSV:GHSA-5XV3-FM7G-865R...

8.8CVSS7.8AI score0.07888EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-28848

The OpenMetadata CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext which allows the expression to reach and interact with Java classes such as java.lang.Runtime and leading to Remote Code Execution. The...

8.8CVSS7.5AI score0.07888EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.20 views

CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS8.5AI score0.07888EPSS
Exploits0References4
CVE
CVE
added 2024/03/15 7:55 p.m.239 views

CVE-2024-28848

CVE-2024-28848 is a SpEL injection vulnerability in OpenMetadata's GET /api/v1/policies/validation/condition/. The CompiledRule.validateExpression flow evaluates user-supplied SpEL against Java types (e.g., Runtime), enabling remote code execution. The issue is exploitable by authenticated non-ad...

8.8CVSS9.4AI score0.07888EPSS
In wildExploits0References4Affected Software1
Rows per page
Query Builder