Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:59 a.m.6 views

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

7.8CVSS6.8AI score0.00632EPSS
Exploits0References1
OSV
OSV
added 2025/02/10 3:32 a.m.3 views

USN-7260-1 openrefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

9.8CVSS5.7AI score0.45473EPSS
Exploits8References11
The Hacker News
The Hacker News
added 2023/10/02 8:2 a.m.86 views

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 CVSS score: 7.8, the vulnerability is a Zip Slip vulnerability that could have adverse...

9.8CVSS8.5AI score0.99649EPSS
Exploits21
UbuntuCve
UbuntuCve
added 2023/07/17 10:15 p.m.102 views

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

7.8CVSS7.4AI score0.00632EPSS
Exploits0References4
CVE
CVE
added 2023/07/17 9:2 p.m.100 views

CVE-2023-37476

OpenRefine's CVE-2023-37476 is a documented zip-slip style vulnerability in the import mechanism for tarred OpenRefine projects. It affects all versions up to 3.7.3 and can allow arbitrary code execution in the OpenRefine process when a user imports a crafted tar file. The issue is widely referen...

7.8CVSS6.8AI score0.00632EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/07/17 9:2 p.m.61 views

CVE-2023-37476 Zip slip in OpenRefine

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

5.5CVSS8AI score0.00632EPSS
Exploits0References4
Rows per page
Query Builder