Maven package
org.openrefine/openrefine
pkg:maven/org.openrefine/openrefine
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-49760 | — | < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it doe | ||
| CVE-2024-47882 | — | < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can relia | ||
| CVE-2024-47880 | — | < 3.8.3 | 3.8.3 | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to |
- CVE-2024-49760Oct 24, 2024affected < 3.8.3fixed 3.8.3
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it doe
- CVE-2024-47882Oct 24, 2024affected < 3.8.3fixed 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can relia
- CVE-2024-47880Oct 24, 2024affected < 3.8.3fixed 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to