CNNVD-202508-732 Information

CNNVD ID

CNNVD-202508-732

CVE-2025-50467

  • CNNVD Published: 2025-08-08

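Description (translated from Chinese)

OpenMetadata is an open-source unified platform from OpenMetadata for discovery, observability and governance, powered by a central metadata repository, in-depth lineage and seamless team collaboration. OpenMetadata 1.4.4 and earlier versions contain a security vulnerability that stems from the supportedDataTypeParam parameter in the TestDefinitionDAO interface not being validated, which may lead to SQL injection attacks.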

Description (English)

OpenMetadata is a unified discovery, observability and governance platform, open-sourced by OpenMetadata and supported by a central metadata repository, in-depth lineage and seamless team collaboration. OpenMetadata 1.4.4 and previous versions contain a security vulnerability, which originates from the unvalidated supportedDataTypeParam parameter in the TestDefinitionDAO interface and could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenMetadata

Published

2025-08-08

Last Modified

2026-02-24

References

https://gist.github.com/javadk/ed0d38e4578405672f154e289036a705
https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3527
https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3528
https://access.redhat.com/security/cve/cve-2025-50467

Patch

https://github.com/open-metadata/OpenMetadata/releases
