1. Home
  2. Packages
  3. maven
  4. org.open-metadata
  5. openmetadata-service

pkg:maven/org.open-metadata/openmetadata-service

Type maven
Namespace org.open-metadata
Name openmetadata-service

Known advisories, vulnerabilities and fixes for org.open-metadata/openmetadata-service package.

Repository
https://mvnrepository.com/artifact/org.open-metadata/openmetadata-service
Critical 1
High 2
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected < 1.2.4 CVE-2024-28848
maven MAVEN:GHSA-5XV3-FM7G-865R OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) high 2024-04-24T17:06:02
(4 months ago)
Fixed = 1.2.4 CVE-2024-28848
maven MAVEN:GHSA-5XV3-FM7G-865R OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) high 2024-04-24T17:06:02
(4 months ago)
Affected < 1.3.1 CVE-2024-28253
maven MAVEN:GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) critical 2024-04-23T21:11:23
(4 months ago)
Fixed = 1.3.1 CVE-2024-28253
maven MAVEN:GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) critical 2024-04-23T21:11:23
(4 months ago)
Affected < 1.2.4 CVE-2024-28847
maven MAVEN:GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) high 2024-04-24T17:06:00
(4 months ago)
Fixed = 1.2.4 CVE-2024-28847
maven MAVEN:GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) high 2024-04-24T17:06:00
(4 months ago)