pkg:maven/org.open-metadata/openmetadata-service
Type
maven
Namespace
org.open-metadata
Name
openmetadata-service
Known advisories, vulnerabilities and fixes for org.open-metadata/openmetadata-service package.
Critical
1
High
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 1.2.4 |
CVE-2024-28848
|
MAVEN:GHSA-5XV3-FM7G-865R | OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) | high |
2024-04-24T17:06:02
(4 months ago) |
|
Fixed | = 1.2.4 |
CVE-2024-28848
|
MAVEN:GHSA-5XV3-FM7G-865R | OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) | high |
2024-04-24T17:06:02
(4 months ago) |
|
Affected | < 1.3.1 |
CVE-2024-28253
|
MAVEN:GHSA-7VF4-X5M2-R6GR | OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) | critical |
2024-04-23T21:11:23
(4 months ago) |
|
Fixed | = 1.3.1 |
CVE-2024-28253
|
MAVEN:GHSA-7VF4-X5M2-R6GR | OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) | critical |
2024-04-23T21:11:23
(4 months ago) |
|
Affected | < 1.2.4 |
CVE-2024-28847
|
MAVEN:GHSA-8P5R-6MVV-2435 | OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) | high |
2024-04-24T17:06:00
(4 months ago) |
|
Fixed | = 1.2.4 |
CVE-2024-28847
|
MAVEN:GHSA-8P5R-6MVV-2435 | OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) | high |
2024-04-24T17:06:00
(4 months ago) |