231 matches found
CVE-2022-41401
OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
CVE-2019-3580
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...
Linux Distros Unpatched Vulnerability : CVE-2024-49760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the...
Linux Distros Unpatched Vulnerability : CVE-2024-47880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export- rows command can be used in such a way that it reflects...
Linux Distros Unpatched Vulnerability : CVE-2024-47879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross- site request forgery protection on the...
Linux Distros Unpatched Vulnerability : CVE-2024-47881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the...
Linux Distros Unpatched Vulnerability : CVE-2024-23833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where a...
Linux Distros Unpatched Vulnerability : CVE-2024-47878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET...
Linux Distros Unpatched Vulnerability : CVE-2024-47882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in Something went wrong! error page includes the exception...
USN-7260-1: OpenRefine vulnerabilities
It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...
USN-7260-1 openrefine vulnerabilities
It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : OpenRefine vulnerabilities (USN-7260-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7260-1 advisory. It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a...
Ubuntu: Security Advisory (USN-7260-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-47880
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...
CVE-2024-47883
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...
CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a...
CVE-2024-47881
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...
CVE-2024-23833
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...
The vulnerability of the database extension of the OpenRefine software for extracting and cleaning tabular data allows a hacker to execute arbitrary code.
The vulnerability of the database extension of the OpenRefine software for extracting and cleaning tabular data is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
November Linux Patch Wednesday
November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 2 vulnerabilities in Chromium with...