The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CPE | Name | Operator | Version |
---|---|---|---|
openrefine | eq | 2.7-rc.1 | |
openrefine | eq | 2.6-beta.1 | |
openrefine | eq | 3.0-beta | |
openrefine | eq | 2.8 | |
openrefine | eq | 2.7 | |
openrefine | eq | 3.0-rc.1 | |
openrefine | eq | 2.6-alpha.2 | |
openrefine | eq | 1.1 | |
openrefine | eq | 3.0 | |
openrefine | eq | 3.1 |