3 matches found
GHSA-M88M-CRR9-JVQQ OpenRefine vulnerable to zip slip in project import
Impact A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. Patches The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as...
OpenRefine vulnerable to zip slip in project import
Impact A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. Patches The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as...
CVE-2018-19859
OpenRefine before 3.2 beta is vulnerable to directory traversal via a relative pathname in a ZIP archive (CVE-2018-19859). The issue is confirmed across multiple advisories linking to OpenRefine's project import path handling. Mitigation known in the connected docs includes patches suggested by P...