HIGH🇵🇱 Wersja polska

CVE-2024-47879

CVSS 7.6v3.1pub. 2024-10-24upd. 2024-12-04

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
  • Openrefine

    APP
    Openrefine
    < 3.8.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-41887CRITICAL9.8ten sam produkt

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote ...

CVE-2024-47878HIGH8.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gd...

CVE-2024-47881HIGH8.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to ...

CVE-2024-47880HIGH8.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` ...

CVE-2024-49760HIGH7.1ten sam produkt

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang`...