OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.
References
Configurations
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | () https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - Patch | |
References | () https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - Vendor Advisory |
27 Jul 2023, 03:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq - Vendor Advisory | |
References | (MISC) https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e - Patch | |
First Time |
Openrefine
Openrefine openrefine |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
17 Jul 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-17 22:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37476
Mitre link : CVE-2023-37476
CVE.ORG link : CVE-2023-37476
JSON object : View
Products Affected
openrefine
- openrefine
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')