Lucene search
K

231 matches found

NVD
NVD
added 2024/10/24 9:15 p.m.14 views

CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS0.00389EPSS
Exploits1References2
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

DEBIAN-CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS5.4AI score0.00389EPSS
Exploits1References1
OSV
OSV
added 2024/10/24 9:15 p.m.3 views

DEBIAN-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

6.1CVSS5.3AI score0.00441EPSS
Exploits1References1
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

UBUNTU-CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.8CVSS6.1AI score0.00658EPSS
Exploits1References4
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

UBUNTU-CVE-2024-47882

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

6.1CVSS5.7AI score0.00487EPSS
Exploits1References5
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

UBUNTU-CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS5.8AI score0.00389EPSS
Exploits1References4
OSV
OSV
added 2024/10/24 9:15 p.m.2 views

UBUNTU-CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS6AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 2024/10/24 9:15 p.m.1 views

UBUNTU-CVE-2024-47883

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS6.1AI score0.01602EPSS
Exploits1References3
OSV
OSV
added 2024/10/24 9:15 p.m.2 views

UBUNTU-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS5.8AI score0.00441EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/24 8:39 p.m.30 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS0.01602EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/10/24 8:39 p.m.16 views

CVE-2024-47883

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS8.7AI score0.01602EPSS
Exploits1
OSV
OSV
added 2024/10/24 8:39 p.m.10 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS9AI score0.01602EPSS
Exploits1References4
CVE
CVE
added 2024/10/24 8:39 p.m.75 views

CVE-2024-47883

CVE-2024-47883 affects the OpenRefine fork of the MIT Simile Butterfly server. The Butterfly framework uses java.net.URL to load local resources (images/templates). Before version 1.2.6, if a file:/ URL is supplied where a relative resource name is expected, some code paths accept it and fetch th...

9.1CVSS9.4AI score0.01602EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/24 8:35 p.m.12 views

CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

5.9CVSS7.2AI score0.00487EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/10/24 8:35 p.m.28 views

CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

5.9CVSS0.00487EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2024/10/24 8:35 p.m.15 views

CVE-2024-47882

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

6.1CVSS5.2AI score0.00487EPSS
Exploits1
CVE
CVE
added 2024/10/24 8:35 p.m.72 views

CVE-2024-47882

OpenRefine before version 3.8.3 is affected by CVE-2024-47882: the built-in error page could reveal an attacker-controlled message and unescaped HTML, enabling injection when an error is triggered by importing a malicious file. The issue is mitigated in OpenRefine 3.8.3, which patches the error p...

6.1CVSS5.9AI score0.00487EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/24 8:35 p.m.20 views

CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...

5.9CVSS7AI score0.00487EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/10/24 8:31 p.m.15 views

CVE-2024-47881 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.1CVSS7.5AI score0.00658EPSS
Exploits1References2
CVE
CVE
added 2024/10/24 8:31 p.m.90 views

CVE-2024-47881

CVE-2024-47881 affects OpenRefine prior to 3.8.3. In the OpenRefine database extension, the enable_load_extension setting for the SQLite integration can be abused to load local or remote extension DLLs, allowing arbitrary code execution on the vulnerable server. Exploitation requires network acce...

8.8CVSS8.1AI score0.00658EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder