CNNVD-202508-733 Information
CNNVD ID
CNNVD-202508-733
Related CVE
- CNNVD Published: 2025-08-08
Description (Chinese)
OpenMetadata是OpenMetadata开源的一个统一的发现、可观察和治理平台,由中央元数据存储库、深入的沿袭和无缝团队协作提供支持。 OpenMetadata 1.4.4及之前版本存在安全漏洞,该漏洞源于DocStoreDAO接口中entityType参数未经验证,可能导致SQL注入攻击。
Description (English)
OpenMetadata is a unified discovery, observation and governance platform for OpenMetadata open sources, supported by a central metadata repository, in-depth succession and seamless teamwork. OpenMetadata 1.4.4 and previous versions contain a security loophole, which originates from unverified entityType parameters in the DoctoreDAO interface, which may lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OpenMetadata
Published
2025-08-08
Last Modified
2026-02-24
References
https://gist.github.com/javadk/0be29d2bb5a971bc09f3410659c83308 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4411 https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4412 https://access.redhat.com/security/cve/cve-2025-50468
Patch
https://github.com/open-metadata/OpenMetadata/releases
Share on: