Volerion logoVolerion
Volerion logoVolerion

OpenMetadata SQL Injection Vulnerability in TestDefinitionDAO Interface

Vulnerability

A SQL injection vulnerability has been identified in OpenMetadata versions through 1.4.4. The issue arises in the 'listCount' function of the 'TestDefinitionDAO' interface, where the 'supportedDataTypeParam' parameter is improperly sanitized before being used to construct SQL queries. This flaw allows attackers to manipulate the parameter and execute arbitrary SQL commands, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the OpenMetadata API endpoint 'api/v1/dataQuality/testDefinitions' with a crafted 'supportedDataTypeParam' parameter. The injected SQL payload should exploit the 'listCount' function in the 'TestDefinitionDAO' interface, bypassing any input validation and manipulating the SQL query to extract database information.

Added: Aug 8, 2025, 5:27 PM
Updated: Aug 8, 2025, 7:59 PM

Vulnerability Rating

Custom Algorithm
spread
0.8
impact
2.5
exploitability
6.3
remediation
0.0
relevance
0.3
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.