CNNVD-202601-1448 Information
CNNVD ID
CNNVD-202601-1448
Related CVE
- CNNVD Published: 2026-01-08
Description (Chinese)
OpenMetadata是OpenMetadata开源的一个统一的发现、可观察和治理平台,由中央元数据存储库、深入的沿袭和无缝团队协作提供支持。 OpenMetadata 1.11.4之前版本存在安全漏洞,该漏洞源于FreeMarker电子邮件模板存在服务器端模板注入,可能导致远程代码执行。
Description (English)
OpenMetadata is a unified discovery, observation and governance platform for OpenMetadata open sources, supported by a central metadata repository, in-depth succession and seamless teamwork. There was a security loophole in the pre-OpenMetadata 1.11.4 version, which resulted from the injection of a server-end template into the FreeMarter e-mail template, which could lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
OpenMetadata
Published
2026-01-08
Last Modified
2026-02-24
References
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7 https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3 https://access.redhat.com/security/cve/cve-2026-22244
Patch
https://github.com/open-metadata/OpenMetadata/releases
Share on: