Unknown · OpenMetadata · CVE-2025-50465
**Name of the Vulnerable Software and Affected Versions**
OpenMetadata versions prior to 1.4.5
**Description**
OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the `listCount` function within the `TestDefinitionDAO` interface. The `testPlatform` parameter is used to construct a SQL query, enabling the injection.
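The pattern described above, as an added example that is not OpenMetadata's code: a Python `sqlite3` model of a count query filtered by `testPlatform`, built once by splicing the value into the SQL text and once with a bound parameter. The table layout, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table; schema and rows are constructed, not OpenMetadata's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_definition (name TEXT, testPlatform TEXT)")
    db.executemany(
        "INSERT INTO test_definition VALUES (?, ?)",
        [("def_a", "platform_a"),
         ("def_b", "platform_a"),
         ("def_c", "platform_b")],
    )
    return db


def list_count_concat(db, test_platform):
    """'Before' pattern: the parameter becomes part of the SQL text itself."""
    sql = ("SELECT count(*) FROM test_definition "
           "WHERE testPlatform = '" + test_platform + "'")
    return db.execute(sql).fetchone()[0]


def list_count_bound(db, test_platform):
    """Hardened pattern: the SQL text is constant and the value is bound as data."""
    sql = "SELECT count(*) FROM test_definition WHERE testPlatform = ?"
    return db.execute(sql, (test_platform,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote, to show where the two forms diverge.
    crafted = "x' OR '1'='1"
    for value in ("platform_a", crafted):
        print(repr(value),
              "concat:", list_count_concat(db, value),
              "bound:", list_count_bound(db, value))
```

With the bound form, a value containing quotes is compared as a literal string and matches no rows; with the concatenated form, the same value changes the `WHERE` clause and the count covers the whole table.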
**Recommendations**
Update to OpenMetadata version 1.4.5 or later.
As a temporary workaround, restrict access to the `TestDefinitionDAO` interface.
Avoid using the `testPlatform` parameter in the affected function until the issue is resolved.