Lucene search
Veracode Vulnerability DatabaseVERACODE:46004HistoryMar 26, 2024 - 5:25 a.m.
Expression Language Injection
2024-03-2605:25:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
openmetadata
vulnerability
expression language injection
compiledrule
validateexpression
authorization checks
arbitrary code
OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is caused due to a lack of proper authorization checks, allowing attackers to execute arbitrary code by exploiting Expression language injection in the CompiledRule::validateExpression method.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openmetadata-service | le | 1.3.0 | |
| openmetadata-service | le | 1.3.0 |
Related
osv
osv
cve
cve
CVE-2024-28253
2024-03-15 20:15:09
github
github
cvelist
cvelist
CVE-2024-28253 SpEL Injection in `PUT /api/v1/policies` in OpenMetadata
2024-03-15 19:55:39
thn
thn
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
2024-04-18 05:54:00