Lucene search

GoogleOSV:CVE-2023-41887

HistorySep 15, 2023 - 9:15 p.m.

CVE-2023-41887

2023-09-1521:15:11

Google

osv.dev

openrefine

remote code execution

vulnerability

patched

version 3.7.5

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

References

github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511

github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

Related for OSV:CVE-2023-41887