6 matches found
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
USN-7260-1 openrefine vulnerabilities
It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 CVSS score: 7.8, the vulnerability is a Zip Slip vulnerability that could have adverse...
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
CVE-2023-37476
OpenRefine's CVE-2023-37476 is a documented zip-slip style vulnerability in the import mechanism for tarred OpenRefine projects. It affects all versions up to 3.7.3 and can allow arbitrary code execution in the OpenRefine process when a user imports a crafted tar file. The issue is widely referen...
CVE-2023-37476 Zip slip in OpenRefine
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...