Openrefine Security Vulnerabilities


CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the lates...

CVSS: 7.5, AI Score: 7.6, EPSS: 0.0004

2024-02-12 09:15 PM

CVE-2023-41886

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this...

CVSS: 7.5, AI Score: 7.4, EPSS: 0.001

2023-09-15 09:15 PM

CVE-2023-41887

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this...

CVSS: 9.8, AI Score: 9.8, EPSS: 0.003

2023-09-15 09:15 PM

CVE-2022-41401

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file...

CVSS: 6.5, AI Score: 6.2, EPSS: 0.001

2023-08-04 05:15 PM

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

CVSS: 7.8, AI Score: 7.8, EPSS: 0.001

2023-07-17 10:15 PM

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project...

CVSS: 7.5, AI Score: 7.5, EPSS: 0.001

2022-10-03 04:19 PM

CVE-2018-20157

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary...

CVSS: 7.5, AI Score: 7.3, EPSS: 0.004

2018-12-15 12:29 AM

CVE-2018-19859

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP...

CVSS: 6.5, AI Score: 6.4, EPSS: 0.001

2018-12-05 11:29 AM