exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-47881

больше 1 года назад

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.

CVSS3: 8.1

EPSS: Низкий

CVE-2024-47881

больше 1 года назад

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.

CVSS3: 8.1

EPSS: Низкий

CVE-2024-47881

больше 1 года назад

OpenRefine is a free, open source tool for working with messy data. St ...

CVSS3: 8.1

EPSS: Низкий

GHSA-87cf-j763-vvh8

больше 1 года назад

OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

CVSS3: 8.1

EPSS: Низкий

BDU:2024-10250

больше 1 года назад

Уязвимость расширения database программного средства извлечения и очистки табличных данных OpenRefine, позволяющая нарушителю выполнить произвольный код

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-47881 OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.	CVSS3: 8.1	0% Низкий	больше 1 года назад
CVE-2024-47881 OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.	CVSS3: 8.1	0% Низкий	больше 1 года назад
CVE-2024-47881 OpenRefine is a free, open source tool for working with messy data. St ...	CVSS3: 8.1	0% Низкий	больше 1 года назад
GHSA-87cf-j763-vvh8 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)	CVSS3: 8.1	0% Низкий	больше 1 года назад
BDU:2024-10250 Уязвимость расширения database программного средства извлечения и очистки табличных данных OpenRefine, позволяющая нарушителю выполнить произвольный код	CVSS3: 8.8	0% Низкий	больше 1 года назад

Уязвимостей на страницу