Open-Metadata: >> Openmetadata >> 1.2.4 Security Vulnerabilities
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-08
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-08
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-08-08
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-08-08
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-17