HIGH🇬🇧 English

CVE-2024-47881

CVSS 8.1v3.1pub. 2024-10-24upd. 2024-10-28

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  • Openrefine

    APP
    Openrefine
    3.4 – 3.8.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-41887CRITICAL9.8ten sam produkt

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote ...

CVE-2024-47878HIGH8.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gd...

CVE-2024-47880HIGH8.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` ...

CVE-2024-47879HIGH7.6ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site...

CVE-2024-49760HIGH7.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang`...