Lucene search
PRIOn knowledge basePRION:CVE-2024-23833HistoryFeb 12, 2024 - 9:15 p.m.
Design/Logic Flaw
2024-02-1221:15:00
PRIOn knowledge base
www.prio-n.com
5
openrefine
jdbc attack
vulnerability
fix
version 3.7.7
version 3.7.8
mysql driver
filesystem
attack
upgrade
nvd
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
veracode
veracode
Arbitrary File Read
2024-02-13 07:22:46
nvd
nvd
CVE-2024-23833
2024-02-12 21:15:08
osv
osv
CVE-2024-23833
2024-02-12 21:15:08
OpenRefine JDBC Attack Vulnerability
2024-02-12 15:08:48
cve
cve
CVE-2024-23833
2024-02-12 21:15:08
debiancve
debiancve
CVE-2024-23833
2024-02-12 21:15:08
ubuntucve
ubuntucve
CVE-2024-23833
2024-02-12 00:00:00
cvelist
cvelist
CVE-2024-23833 OpenRefine JDBC Attack Vulnerability
2024-02-12 20:15:34
github
github
OpenRefine JDBC Attack Vulnerability
2024-02-12 15:08:48