OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is caused due to a lack of proper authorization checks, allowing attackers to execute arbitrary code by exploiting Expression language injection in the CompiledRule::validateExpression
method.
CPE | Name | Operator | Version |
---|---|---|---|
openmetadata-service | le | 1.3.0 | |
openmetadata-service | le | 1.3.0 |