Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2024/04/24 5:6 p.m.37 views

OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)

SpEL Injection in GET /api/v1/policies/validation/condition/ GHSL-2023-236 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and...

8.8CVSS8.9AI score0.07888EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/03/15 8:15 p.m.51 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.4AI score0.07888EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.20 views

CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS8.5AI score0.07888EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.50 views

CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.6AI score0.07888EPSS
Exploits0References4
CVE
CVE
added 2024/03/15 7:55 p.m.239 views

CVE-2024-28848

CVE-2024-28848 is a SpEL injection vulnerability in OpenMetadata's GET /api/v1/policies/validation/condition/. The CompiledRule.validateExpression flow evaluates user-supplied SpEL against Java types (e.g., Runtime), enabling remote code execution. The issue is exploitable by authenticated non-ad...

8.8CVSS9.4AI score0.07888EPSS
In wildExploits0References4Affected Software1
Rows per page
Query Builder