15Mar
CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection
A vulnerability classified as critical has been found in open-metadata OpenMetadata up to 1.2.3. This affects the functionAlertUtil::validateExpression
of the file /api/v1/events/subscriptions/validation/condition/. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2024-28254. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.