CVE-2023-37476

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-22
View all →

Vulnerability Description

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.

Related Vulnerabilities

CVE-2009-3721

HIGH
CVSS:7.8(High)

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to ...

CWE-222009

CVE-2015-0016

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gol...

CWE-222015

CVE-2015-3151

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) Ne...

CWE-222015

CVE-2015-7270

HIGH
CVSS:7.8(High)

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

CWE-222015

CVE-2015-8535

HIGH
CVSS:7.8(High)

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center ...

CWE-222015

CVE-2016-4313

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.

CWE-222016