CNNVD-202508-726 Information
CNNVD ID
CNNVD-202508-726
Related CVE
- CNNVD Published: 2025-08-08
Description (Chinese)
OpenMetadata是OpenMetadata开源的一个统一的发现、可观察和治理平台,由中央元数据存储库、深入的沿袭和无缝团队协作提供支持。 OpenMetadata 1.4.4及之前版本存在安全漏洞,该漏洞源于TestDefinitionDAO接口中entityType参数未经验证,可能导致SQL注入攻击。
Description (English)
OpenMetadata is a unified discovery, observation and governance platform for OpenMetadata open sources, supported by a central metadata repository, in-depth succession and seamless teamwork. OpenMetada 1.4.4 and previous versions contain a security loophole that originates from unverified entity type parameters in the TestDefinionDAO interface, which could lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
OpenMetadata
Published
2025-08-08
Last Modified
2026-02-24
References
https://gist.github.com/javadk/aa7b5eb6f0fca2fbc334129b7572c7c6 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3521 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3522 https://access.redhat.com/security/cve/cve-2025-50466
Patch
https://github.com/open-metadata/OpenMetadata/releases
Share on: