The vulnerability of the CompiledRule::validateExpression method (/api/v1/policies/validation/condition/) of the OpenMetadata metadata management platform allows a violator to execute arbitrary code.

The vulnerability of the ‎CompiledRule::validateExpression /api/v1/policies/validation/condition/ method of the OpenMetadata platform is related to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

SpEL Injection in PUT /api/v1/policies GHSL-2023-252 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability CompiledRule::validateExpression is also called from...

VulnCheck KEV: CVE-2024-28253

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

VulnCheck KEV: CVE-2024-28254

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...