org.open-metadata:openmetadata-service 1.11.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.open-metadata:openmetadata-service package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Insertion of Sensitive Information Into Sent Data Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the `api/v1/ingestionPipelines` endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and potentially perform destructive actions by extracting and using leaked JWT tokens. How to fix Insertion of Sensitive Information Into Sent Data? Upgrade `org.open-metadata:openmetadata-service` to version 1.11.8 or higher.	[,1.11.8)
C Improper Neutralization of Special Elements Used in a Template Engine Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the `getTemplate` function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API when authenticated with administrative privileges. Note: This is only exploitable if the attacker has access to an account with admin-level permissions. How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `org.open-metadata:openmetadata-service` to version 1.11.4 or higher.	[,1.11.4)

Vulnerability

Vulnerable Version

Insertion of Sensitive Information Into Sent Data

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and potentially perform destructive actions by extracting and using leaked JWT tokens.

How to fix Insertion of Sensitive Information Into Sent Data?

Upgrade org.open-metadata:openmetadata-service to version 1.11.8 or higher.

[,1.11.8)

Improper Neutralization of Special Elements Used in a Template Engine

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API when authenticated with administrative privileges.

Note: This is only exploitable if the attacker has access to an account with admin-level permissions.

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade org.open-metadata:openmetadata-service to version 1.11.4 or higher.

[,1.11.4)

org.open-metadata:openmetadata-service@1.11.2 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically