CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

CVE-2024-28254 | open-metadata OpenMetadata up to 1.2.3 validateExpression os command injection

A vulnerability classified as critical has been found in open-metadata OpenMetadata up to 1.2.3. This affects the function AlertUtil::validateExpression of the file /api/v1/events/subscriptions/validation/condition/. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-28254. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.