org.openrefine:main
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.openrefine:main
- CVE-2018-19859 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.2-beta | 2018-12-05
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
- CVE-2022-41401 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.6.0 | 2023-08-04
vulnerable: 3.6-beta1, 3.6-beta2, 3.6-rc1
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
- CVE-2023-37476 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 3.7.4 | 2023-07-17
vulnerable: 3.6-beta1 ... 3.7.2 (10 versions)
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to im…
- CVE-2024-47879 | HIGH | CVSS 7.6 | EG 7.6 | ✓ Fixed in 3.8.3 | 2024-10-24
vulnerable: 3.6-beta1 ... 3.8.2 (15 versions)
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-c…