CVE-2024-55238: OpenMetadata SQL Injection
Score: 7.1
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.open-metadata:openmetadata-service | maven | <= 1.4.1 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description explicitly identifies the listCount function in the WorkflowDAO interface as vulnerable, with the workflowType and status parameters being the vectors for SQL injection. The referenced commit 47a13e27cf24465c44044ac79654b87dde8d39a8 contains changes to openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java, where the WorkflowDAO interface is defined. The diff for this file clearly shows that the listCount(ListFilter filter) method within WorkflowDAO was modified to replace direct string concatenation of the workflowType and status parameters with parameterized query syntax (e.g., :workflowType, :status) and to add a @BindMap Map<String, ?> params argument to the underlying JDBI @SqlQuery method, so that the values reach the database as bound parameters rather than as SQL text. This directly addresses the described SQL injection vulnerability. The reference URLs to the vulnerable code in a previous commit (blob 98945cb2...) at lines L4243 and L4247 confirm the exact vulnerable string-formatting lines that were changed by the patch. The other changes in the commit are part of a broader effort to secure similar database interactions, but the specifically reported vulnerability is addressed by the changes in WorkflowDAO.listCount.
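As an added illustration (not OpenMetadata's code and not the commit's diff), the JDBI pattern the analysis describes: a hypothetical WorkflowCountDao whose vulnerable overload splices workflowType and status into the WHERE clause with String.format, beside the hardened overload that keeps only static SQL in the @Define'd condition and passes the values through @BindMap. The table and column names are assumed.

```java
import java.util.HashMap;
import java.util.Map;
import org.jdbi.v3.sqlobject.customizer.BindMap;
import org.jdbi.v3.sqlobject.customizer.Define;
import org.jdbi.v3.sqlobject.statement.SqlQuery;

// Hypothetical DAO (constructed for this illustration); "workflow_entity" and its
// columns are assumed names, not taken from the project.
public interface WorkflowCountDao {

  // Vulnerable shape: @Define substitutes <cond> as raw SQL text before the statement
  // is parsed, so anything concatenated into it becomes part of the query itself.
  @SqlQuery("SELECT count(*) FROM <table> <cond>")
  int listCountUnsafe(@Define("table") String table, @Define("cond") String cond);

  default int listCountUnsafe(String workflowType, String status) {
    String cond = "WHERE 1 = 1";
    if (workflowType != null) {
      cond += String.format(" AND workflowType = '%s'", workflowType); // injection point
    }
    if (status != null) {
      cond += String.format(" AND status = '%s'", status); // injection point
    }
    return listCountUnsafe("workflow_entity", cond);
  }

  // Hardened shape: the defined condition contains only fixed SQL plus :name
  // placeholders; the caller-supplied values travel in the @BindMap and are sent to
  // the driver as bound parameters, never interpreted as SQL.
  @SqlQuery("SELECT count(*) FROM <table> <cond>")
  int listCountSafe(@Define("table") String table, @Define("cond") String cond,
                    @BindMap Map<String, ?> params);

  default int listCountSafe(String workflowType, String status) {
    StringBuilder cond = new StringBuilder("WHERE 1 = 1");
    Map<String, Object> params = new HashMap<>();
    if (workflowType != null) {
      cond.append(" AND workflowType = :workflowType");
      params.put("workflowType", workflowType);
    }
    if (status != null) {
      cond.append(" AND status = :status");
      params.put("status", status);
    }
    // Only bind keys that appear in the SQL: JDBI rejects superfluous named
    // parameters by default. The table name stays a trusted constant.
    return listCountSafe("workflow_entity", cond.toString(), params);
  }
}
```

When reviewing similar DAOs, treat every @Define argument as trusted SQL text and check that request-derived values only ever enter through @Bind or @BindMap.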