CVE-2024-55238
published 2025-04-17
CVE-2024-55238: OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface…
Priority P353 · high · 8.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.0th percentile)
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-metadata | openmetadata | <= 1.4.1 | — |
GHSA
OpenMetadata SQL Injection
ghsa·2025-04-17
CVE-2024-55238 [HIGH] CWE-89 OpenMetadata SQL Injection
OSV
OpenMetadata SQL Injection
osv·2025-04-17
CVE-2024-55238 [HIGH] OpenMetadata SQL Injection
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gist.github.com/javadk/68c597cdb94768dab31a3219c2ad9904
https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4243
https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4247
Published: 2025-04-17