Lucene search
K

231 matches found

Veracode
Veracode
added 2024/10/29 8:28 a.m.6 views

Path Traversal

org.openrefine, openrefine is vulnerable to path traversal. The vulnerability is due to the load-language command not verifying the resulting path for localization files, allowing exploitation to read arbitrary JSON files on the file system...

7.1CVSS6.8AI score0.00597EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/10/29 8:17 a.m.8 views

HTML Injection

org.openrefine, openrefine is vulnerable to HTML injection. The vulnerability is due to improper handling of error messages, which fails to escape HTML tags in exception messages and tracebacks, allowing an attacker to inject malicious HTML when a specific error is triggered...

6.1CVSS6.7AI score0.00487EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/10/29 7:6 a.m.18 views

Arbitrary Code Execution

org.openrefine, database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enableloadextension property that permits loading local or remote extension DLLs...

8.8CVSS6.7AI score0.00658EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/10/29 6:59 a.m.12 views

Cross-Site Scripting (XSS)

org.openrefine, openrefine is vulnerable to a reflected Cross-Site Scripting XSS vulnerability. The vulnerability is due to the export-rows command reflecting parts of the user request verbatim, including the Content-Type header. It allows an attacker to manipulate the response and inject malicio...

8.1CVSS5.8AI score0.00361EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/24 10:15 p.m.1 views

DEBIAN-CVE-2024-49760

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

5.3CVSS5.3AI score0.00597EPSS
Exploits0References1
NVD
NVD
added 2024/10/24 10:15 p.m.35 views

CVE-2024-49760

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS0.00597EPSS
Exploits0References2
OSV
OSV
added 2024/10/24 10:15 p.m.3 views

UBUNTU-CVE-2024-49760

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS5.8AI score0.00597EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/24 9:35 p.m.17 views

CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS6.7AI score0.00597EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/24 9:35 p.m.14 views

CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS0.00597EPSS
Exploits0References2
CVE
CVE
added 2024/10/24 9:35 p.m.67 views

CVE-2024-49760

CVE-2024-49760 affects OpenRefine: in versions prior to 3.8.3 the load-language command does not verify the target directory, enabling a path traversal to read other JSON files on the file system. The issue is resolved in 3.8.3. Impact details and exploit information are stated in provided docume...

7.1CVSS5.9AI score0.00597EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/10/24 9:35 p.m.11 views

CVE-2024-49760

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS5.2AI score0.00597EPSS
Exploits0
OSV
OSV
added 2024/10/24 9:35 p.m.24 views

CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS6.4AI score0.00597EPSS
Exploits0References4
OSV
OSV
added 2024/10/24 9:15 p.m.3 views

DEBIAN-CVE-2024-47882

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

6.1CVSS5.2AI score0.00487EPSS
Exploits1References1
NVD
NVD
added 2024/10/24 9:15 p.m.19 views

CVE-2024-47882

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

6.1CVSS0.00487EPSS
Exploits1References3
NVD
NVD
added 2024/10/24 9:15 p.m.18 views

CVE-2024-47883

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS0.01602EPSS
Exploits1References2
NVD
NVD
added 2024/10/24 9:15 p.m.31 views

CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS0.00441EPSS
Exploits1References2
NVD
NVD
added 2024/10/24 9:15 p.m.10 views

CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS0.00361EPSS
Exploits1References2
OSV
OSV
added 2024/10/24 9:15 p.m.2 views

DEBIAN-CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

6.9CVSS5.7AI score0.00361EPSS
Exploits1References1
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

DEBIAN-CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.8CVSS8.7AI score0.00658EPSS
Exploits1References1
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

DEBIAN-CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS5.4AI score0.00389EPSS
Exploits1References1
Rows per page
Query Builder