CVE-2023-41887

Опубликовано: 15 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

Ссылки

https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511
Patch
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
Exploit
Vendor Advisory
https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511
Patch
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*

Версия до 3.7.5 (исключая)

EPSS

Процентиль: 98%

0.59772

Средний

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-41887

CVSS3: 9.8

ubuntu

больше 2 лет назад

CVE-2023-41887

CVSS3: 9.8

debian

больше 2 лет назад

OpenRefine is a powerful free, open source tool for working with messy ...

GHSA-p3r5-x3hr-gpg5

CVSS3: 9.8

github

больше 2 лет назад

OpenRefine Remote Code execution in project import with mysql jdbc url attack

EPSS

Процентиль: 98%

0.59772

Средний

9.8 Critical

CVSS3

Дефекты

CWE-89