Lucene search
K

4 matches found

nvd
nvd
added 2024/03/15 8:15 p.m.36 views

CVE-2024-28254

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS9.4AI score0.45725EPSS
Exploits3References5
cvelist
cvelist
added 2024/03/15 7:55 p.m.39 views

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS9.6AI score0.45725EPSS
Exploits3References5
vulnrichment
vulnrichment
added 2024/03/15 7:55 p.m.18 views

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS8.9AI score0.45725EPSS
Exploits3References5
cve
cve
added 2024/03/15 7:55 p.m.235 views

CVE-2024-28254

OpenMetadata CVE-2024-28254 is a SpEL injection at GET /api/v1/events/subscriptions/validation/condition/, allowed by AlertUtil::validateExpression, which can reach java.lang.Runtime via StandardEvaluationContext to perform arbitrary commands (RCE). Authentication bypass concerns exist via CVE-20...

8.8CVSS9.7AI score0.45725EPSS
In wildExploits3References5Affected Software1
Rows per page
Query Builder