CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 5.5
References () https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - Patch () https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - Patch
References () https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - Vendor Advisory () https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - Vendor Advisory

27 Jul 2023, 03:46

Type Values Removed Values Added
CPE cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*
References (MISC) https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - (MISC) https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - Vendor Advisory
References (MISC) https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - (MISC) https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - Patch
First Time Openrefine
Openrefine openrefine
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

17 Jul 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-17 22:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37476

Mitre link : CVE-2023-37476

CVE.ORG link : CVE-2023-37476


JSON object : View

Products Affected

openrefine

  • openrefine
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')