exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2023-37476

больше 2 лет назад

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.

CVSS3: 5.5

EPSS: Низкий

CVE-2023-37476

больше 2 лет назад

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.

CVSS3: 5.5

EPSS: Низкий

CVE-2023-37476

больше 2 лет назад

OpenRefine is a free, open source tool for data processing. A carefull ...

CVSS3: 5.5

EPSS: Низкий

GHSA-m88m-crr9-jvqq

больше 2 лет назад

OpenRefine vulnerable to zip slip in project import

CVSS3: 5.5

EPSS: Низкий

BDU:2023-06589

больше 2 лет назад

Уязвимость программного средства извлечения и очистки табличных данных OpenRefine, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-37476 OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.	CVSS3: 5.5	0% Низкий	больше 2 лет назад
CVE-2023-37476 OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.	CVSS3: 5.5	0% Низкий	больше 2 лет назад
CVE-2023-37476 OpenRefine is a free, open source tool for data processing. A carefull ...	CVSS3: 5.5	0% Низкий	больше 2 лет назад
GHSA-m88m-crr9-jvqq OpenRefine vulnerable to zip slip in project import	CVSS3: 5.5	0% Низкий	больше 2 лет назад
BDU:2023-06589 Уязвимость программного средства извлечения и очистки табличных данных OpenRefine, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код	CVSS3: 7.8	0% Низкий	больше 2 лет назад

Уязвимостей на страницу