6 matches found
DEBIAN-CVE-2024-47879
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
UBUNTU-CVE-2024-47879
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
CVE-2024-47879
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
GHSA-3JM4-C6QF-JRH3 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Summary Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...
OpenRefine 代码注入漏洞
OpenRefine is a Java-based open source tool. The product is mainly used for loading data, analyzing data and cleaning data, among other things. A code injection vulnerability exists in OpenRefine prior to version 3.8.3 that stems from the lack of cross-site request forgery protection in the...
PT-2024-32869 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue is related to a lack of cross-site request forgery protection on the preview-expression command. This means that visiting a malicious website could cause an attacker-controlled...