{"id":"CVE-2025-50467","details":"OpenMetadata \u003c=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.","modified":"2026-04-10T05:29:12.752380Z","published":"2025-08-08T17:15:29.020Z","references":[{"type":"WEB","url":"https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3527"},{"type":"WEB","url":"https://github.com/open-metadata/OpenMetadata/blob/4b9145a9da7ed95b7f868ab9f351e3d759af47d7/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L3528"},{"type":"ADVISORY","url":"https://gist.github.com/javadk/ed0d38e4578405672f154e289036a705"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open-metadata/openmetadata","events":[{"introduced":"0"},{"last_affected":"4b9145a9da7ed95b7f868ab9f351e3d759af47d7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.4"}]}}],"versions":["0.3.0-SNAPSHOT.pre2","0.3.1-release","0.4.0-pre","0.8.1-release","1.0.0-alpha-release","1.4.0-release","1.4.1-release","1.4.2-release","1.4.3-release","1.4.4-release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50467.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}