Maven package
org.openrefine/main
pkg:maven/org.openrefine/main
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47879 | — | | | < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The |
| CVE-2022-41401 | — | | | < 3.6.0 | 3.6.0 | Aug 4, 2023 | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. |
| CVE-2023-37476 | — | | | < 3.7.4 | 3.7.4 | Jul 17, 2023 | OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all |
| CVE-2018-19859 | — | | | < 3.2-beta | 3.2-beta | Dec 5, 2018 | OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. |