Lucene search
K

231 matches found

Debian CVE
Debian CVE
added 2024/10/24 8:31 p.m.12 views

CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.8CVSS8.7AI score0.00658EPSS
Exploits1
CVE
CVE
added 2024/10/24 8:31 p.m.90 views

CVE-2024-47881

CVE-2024-47881 affects OpenRefine prior to 3.8.3. In the OpenRefine database extension, the enable_load_extension setting for the SQLite integration can be abused to load local or remote extension DLLs, allowing arbitrary code execution on the vulnerable server. Exploitation requires network acce...

8.8CVSS8.1AI score0.00658EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/24 8:31 p.m.13 views

CVE-2024-47881 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.1CVSS9AI score0.00658EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/24 8:21 p.m.36 views

CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS0.00361EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/24 8:21 p.m.19 views

CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS8.1AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2024/10/24 8:21 p.m.21 views

CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS6.8AI score0.00361EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/10/24 8:21 p.m.12 views

CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS5.7AI score0.00361EPSS
Exploits1
CVE
CVE
added 2024/10/24 8:21 p.m.71 views

CVE-2024-47880

OpenRefine vulnerable prior to version 3.8.3 to a reflected cross-site scripting issue in the export-rows command. An attacker could lure a user to a malicious page that submits a POST containing embedded JavaScript, which could be echoed in the response along with an attacker-controlled Content-...

8.1CVSS7.5AI score0.00361EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/24 8:17 p.m.12 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

7.6CVSS7.3AI score0.00389EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/24 8:17 p.m.18 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

7.6CVSS0.00389EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/10/24 8:17 p.m.13 views

CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS5.3AI score0.00389EPSS
Exploits1
CVE
CVE
added 2024/10/24 8:17 p.m.63 views

CVE-2024-47879

CVE-2024-47879 concerns OpenRefine. Prior to version 3.8.3, the tool’s preview-expression command lacks CSRF protection, enabling an attacker to execute an attacker-controlled expression containing arbitrary Clojure or Python code when a victim visits a malicious page. The attack requires knowled...

8.8CVSS7.7AI score0.00389EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/24 8:17 p.m.13 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

7.6CVSS6.8AI score0.00389EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/24 8:11 p.m.12 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS7.9AI score0.00441EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/24 8:11 p.m.38 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS0.00441EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/10/24 8:11 p.m.8 views

CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS5.3AI score0.00441EPSS
Exploits1
OSV
OSV
added 2024/10/24 8:11 p.m.21 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS6.5AI score0.00441EPSS
Exploits1References4
CVE
CVE
added 2024/10/24 8:11 p.m.62 views

CVE-2024-47878

OpenRefine before 3.8.3 exposes the state parameter in a [removed] tag via the /extension/gdata/authorized endpoint, enabling reflected XSS (CVE-2024-47878). The issue arises from verbatim inclusion without escaping, allowing an attacker to craft a URL that executes JavaScript in a victim’s brows...

8.1CVSS6.9AI score0.00441EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/24 6:32 p.m.23 views

OpenRefine has a path traversal in LoadLanguageCommand

The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. When doing so, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to re...

7.1CVSS6.6AI score0.00597EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/24 6:32 p.m.8 views

GHSA-QFWQ-6JH6-8XX4 OpenRefine has a path traversal in LoadLanguageCommand

The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. When doing so, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to re...

7.1CVSS5.8AI score0.00597EPSS
Exploits0References4
Rows per page
Query Builder