6 matches found

Github Security Blog
added 2024/04/23 9:11 p.m., 31 views

OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

SpEL Injection in PUT /api/v1/policies GHSL-2023-252. Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access these APIs to exploit the vulnerability. CompiledRule::validateExpression is also called from...

CVSS 9.4 | AI score 9.8 | EPSS 0.92915
Exploits 0 | References 9 | Affected Software 1
VulnCheck KEV
added 2024/04/17 12:00 a.m., 0 views

VulnCheck KEV: CVE-2024-28847

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similar to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from...

CVSS 8.8 | AI score 7.4 | EPSS 0.12686
Exploits 1 | References 1
Veracode
added 2024/03/26 6:47 a.m., 22 views

Expression Language Injection

OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is due to the validateExpression function evaluating SpEL expressions using a StandardEvaluationContext, which enables interaction with Java classes such as java.lang.Runtime, ultimately resulting in Remote Code Execution...

CVSS 8.8 | AI score 7.2 | EPSS 0.7862
Exploits 0 | References 6 | Affected Software 1
Veracode
added 2024/03/26 5:25 a.m., 25 views

Expression Language Injection

OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is caused by a lack of proper authorization checks, allowing attackers to execute arbitrary code by exploiting Expression Language injection in the CompiledRule::validateExpression method...

CVSS 9.4 | AI score 8 | EPSS 0.92915
Exploits 0 | References 7 | Affected Software 1
Veracode
added 2024/03/20 7:54 a.m., 29 views

SpEL Injection

OpenMetadata is vulnerable to Expression Language (SpEL) Injection. The vulnerability is caused by a lack of validation of user-controlled data within the AlertUtil::validateExpression method, which allows the execution of arbitrary system commands through user-controlled data, leading to Remot...

CVSS 8.8 | AI score 9 | EPSS 0.53942
Exploits 3 | References 6 | Affected Software 1
Positive Technologies
added 2024/03/11 12:00 a.m., 3 views

PT-2024-3067

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4
Description: The issue is related to the AlertUtil::validateExpression method, which can lead to Remote Code Execution. An attacker can send a PUT request to "/api/v1/events/subscriptions" to exploit this...

CVSS 9 | AI score 8.9 | EPSS 0.12686
Exploits 1 | References 42
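The mechanism the Veracode entries describe (a validateExpression routine that evaluates user-supplied SpEL under a StandardEvaluationContext, which exposes T(...) type references such as java.lang.Runtime) and that the PT-2024-3067 entry reports for AlertUtil::validateExpression, shown as an added example. This is not OpenMetadata's code and not code from any advisory on this page; the class names SpelRuleDemo and Alert, the sample rule payload and the expressions are assumptions made for illustration. Only the Spring Expression (spring-expression) API calls are real.

```java
import org.springframework.expression.EvaluationException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParseException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

// Added illustration; not OpenMetadata code and not taken from any advisory above.
public class SpelRuleDemo {

    // Hypothetical root object standing in for a rule/alert payload the expression filters.
    public static class Alert {
        private final String status;
        private final int severity;
        public Alert(String status, int severity) { this.status = status; this.severity = severity; }
        public String getStatus() { return status; }
        public int getSeverity() { return severity; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Vulnerable pattern: StandardEvaluationContext hands the expression the full SpEL
    // language, including T(...) type references, constructors and arbitrary method calls,
    // so attacker-controlled input can reach T(java.lang.Runtime).getRuntime().exec(...).
    static Object validateExpressionUnsafe(String expression, Alert root) {
        StandardEvaluationContext ctx = new StandardEvaluationContext(root);
        return PARSER.parseExpression(expression).getValue(ctx);
    }

    // Hardened pattern: SimpleEvaluationContext in read-only data-binding mode permits only
    // property reads and operators against the root object. Type references, constructors,
    // bean references and method invocation (unless withInstanceMethods() is opted into)
    // are rejected with an EvaluationException.
    static boolean validateExpressionSafe(String expression, Alert root) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        Boolean result = PARSER.parseExpression(expression).getValue(ctx, root, Boolean.class);
        return Boolean.TRUE.equals(result);
    }

    // True when the hardened evaluator refuses the expression (the wanted outcome for an
    // injection attempt), false when it evaluates cleanly.
    static boolean rejectedBySafeEvaluator(String expression, Alert root) {
        try {
            validateExpressionSafe(expression, root);
            return false;
        } catch (ParseException | EvaluationException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        Alert alert = new Alert("open", 4);  // constructed sample input

        // A legitimate filter rule still works under the restricted context.
        System.out.println(validateExpressionSafe("severity > 3 and status == 'open'", alert));

        // Under StandardEvaluationContext a type reference resolves. A harmless one is used
        // here; the same path is what reaches java.lang.Runtime in the reported issues.
        System.out.println(validateExpressionUnsafe("T(java.lang.System).getProperty('java.version')", alert));

        // The restricted context refuses the type reference, so the injection cannot proceed.
        System.out.println(rejectedBySafeEvaluator("T(java.lang.Runtime).getRuntime().exec('id')", alert));
    }
}
```

Compile and run with spring-expression (and its spring-core dependency) on the classpath. Swapping the evaluation context is the standard fix for this bug class, but it addresses only the expression sandbox; the GHSL-2023-252 entry above also notes that the affected PUT/POST endpoints are reachable by any authenticated user, so the endpoint's own authorization check is a separate control to verify.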