5 matches found
USN-7260-1 openrefine vulnerabilities
It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...
CVE-2024-23833
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...
CVE-2024-23833 OpenRefine JDBC Attack Vulnerability
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...
CVE-2024-23833
CVE-2024-23833 affects OpenRefine up to version 3.7.7, where a JDBC query could be constructed to read files from the host filesystem. The issue arises from deserialization-related behavior with the MySQL driver, and although the newer driver (in OpenRefine 8.0.30) eliminates the deserialization ...
CVE-2024-23833
creationtimestamp| type| source ---|---|--- 2024-02-11 17:09:37+00:00| published-proof-of-concept| https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4 2024-02-12 22:31:27+00:00| seen| https://t.me/ctinow/183437 2024-03-03 15:51:55+00:00| seen| https://t.me/ctinow/1987...