openrefine

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-49760
< 3.8.3
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from whic
7.1 HIGH
CVE-2024-47883
<= 1.2.6
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `j
9.1 CRITICAL
CVE-2024-47882
< 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" e
5.9 MEDIUM
CVE-2024-47881
>= 3.4 and < 3.8.3
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in th
8.1 HIGH
CVE-2024-47880
< 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used
8.1 HIGH
CVE-2024-47879
< 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery pro
7.6 HIGH
CVE-2024-47878
< 3.8.3
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endp
8.1 HIGH
CVE-2024-23833
< 3.7.8
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in O
7.5 HIGH
CVE-2023-41887
< 3.7.5
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulne
9.8 CRITICAL
CVE-2023-41886
< 3.7.5
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulner
7.5 HIGH
CVE-2022-41401
<= 3.5.2
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the
6.5 MEDIUM
CVE-2023-37476
<= 3.7.3
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used
5.5 MEDIUM
CVE-2019-3580
<= 3.1
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project fi
7.5 HIGH
CVE-2018-20157
<= 3.1
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, a
7.5 HIGH
CVE-2018-19859
all versions
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
6.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin