Maven package
org.openrefine/main
pkg:maven/org.openrefine/main
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47879 | Hig | 7.6 | < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The | |
| CVE-2022-41401 | Med | 6.5 | < 3.6.0 | 3.6.0 | Aug 4, 2023 | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | |
| CVE-2023-37476 | Med | 5.5 | < 3.7.4 | 3.7.4 | Jul 17, 2023 | OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all | |
| CVE-2018-19859 | Med | 6.5 | < 3.2-beta | 3.2-beta | Dec 5, 2018 | OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. |
- affected < 3.8.3fixed 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The
- affected < 3.6.0fixed 3.6.0
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
- affected < 3.7.4fixed 3.7.4
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all
- affected < 3.2-betafixed 3.2-beta
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.