Lucene search

[email protected]CVE-2018-19859

HistoryDec 05, 2018 - 11:29 a.m.

CVE-2018-19859

2018-12-0511:29:05

CWE-22

[email protected]

web.nvd.nist.gov

openrefine

3.2 beta

directory traversal

vulnerability

nvd

cve-2018-19859

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

Affected configurations

NVD

Node

openrefineopenrefineMatch1.0

openrefineopenrefineMatch1.0a1

openrefineopenrefineMatch1.0a2

openrefineopenrefineMatch1.0a3

openrefineopenrefineMatch1.0a4

openrefineopenrefineMatch1.0b1

openrefineopenrefineMatch1.0.1

openrefineopenrefineMatch1.0.2

openrefineopenrefineMatch1.0.3

openrefineopenrefineMatch1.0.5

openrefineopenrefineMatch1.0.6

openrefineopenrefineMatch1.0.7

openrefineopenrefineMatch1.1

openrefineopenrefineMatch2.0

openrefineopenrefineMatch2.1

openrefineopenrefineMatch2.1rc1

openrefineopenrefineMatch2.5

openrefineopenrefineMatch2.5rc1

openrefineopenrefineMatch2.5rc3

openrefineopenrefineMatch2.6alpha1

openrefineopenrefineMatch2.6alpha2

openrefineopenrefineMatch2.6beta1

openrefineopenrefineMatch2.6rc1

openrefineopenrefineMatch2.6rc2

openrefineopenrefineMatch2.7

openrefineopenrefineMatch2.7rc1

openrefineopenrefineMatch2.7rc2

openrefineopenrefineMatch2.8

openrefineopenrefineMatch3.0

openrefineopenrefineMatch3.0beta

openrefineopenrefineMatch3.0rc1

openrefineopenrefineMatch3.1

openrefineopenrefineMatch3.1beta

CPENameOperatorVersion
openrefine:openrefineopenrefineeq1.0
openrefine:openrefineopenrefineeq1.0.1
openrefine:openrefineopenrefineeq1.0.2
openrefine:openrefineopenrefineeq1.0.3
openrefine:openrefineopenrefineeq1.0.5
openrefine:openrefineopenrefineeq1.0.6
openrefine:openrefineopenrefineeq1.0.7
openrefine:openrefineopenrefineeq1.1
openrefine:openrefineopenrefineeq2.0
openrefine:openrefineopenrefineeq2.1

CPE	Name	Operator	Version
openrefine:openrefine	openrefine	eq	1.0
openrefine:openrefine	openrefine	eq	1.0.1
openrefine:openrefine	openrefine	eq	1.0.2
openrefine:openrefine	openrefine	eq	1.0.3
openrefine:openrefine	openrefine	eq	1.0.5
openrefine:openrefine	openrefine	eq	1.0.6
openrefine:openrefine	openrefine	eq	1.0.7
openrefine:openrefine	openrefine	eq	1.1
openrefine:openrefine	openrefine	eq	2.0
openrefine:openrefine	openrefine	eq	2.1

Rows per page:

1-10 of 161

References

github.com/OpenRefine/OpenRefine/issues/1840

github.com/OpenRefine/OpenRefine/pull/1901

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVE-2018-19859

github2 debiancve1 osv3 prion1 cvelist1 nvd1