CNNVD-202508-736 Information
CNNVD ID
CNNVD-202508-736
Related CVE
- CNNVD Published: 2025-08-08
Description
OpenMetadata is an open-source unified platform for discovery, observability and governance from OpenMetadata, powered by a central metadata repository, in-depth lineage and seamless team collaboration. OpenMetadata 1.4.4 and earlier versions contain a security vulnerability: the testPlatform parameter in the TestDefinitionDAO interface is not validated, which could lead to SQL injection attacks.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
OpenMetadata
Published
2025-08-08
Last Modified
2026-02-24
References
https://gist.github.com/javadk/c23cc3276f3fb5587b0f4345d7a71a7f
https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3515
https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3517
https://access.redhat.com/security/cve/cve-2025-50465
Patch
https://github.com/open-metadata/OpenMetadata/releases