Maven package
org.openrefine/database
pkg:maven/org.openrefine/database
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47881 | — | >= 3.4-beta, < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) ext | ||
| CVE-2024-23833 | — | < 3.7.8 | 3.7.8 | Feb 12, 2024 | OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver libr | ||
| CVE-2023-41887 | — | < 3.7.5 | 3.7.5 | Sep 15, 2023 | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. | ||
| CVE-2023-41886 | — | < 3.7.5 | 3.7.5 | Sep 15, 2023 | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. |
- CVE-2024-47881Oct 24, 2024affected >= 3.4-beta, < 3.8.3fixed 3.8.3
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) ext
- CVE-2024-23833Feb 12, 2024affected < 3.7.8fixed 3.7.8
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver libr
- CVE-2023-41887Sep 15, 2023affected < 3.7.5fixed 3.7.5
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.
- CVE-2023-41886Sep 15, 2023affected < 3.7.5fixed 3.7.5
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.