org.openrefine:database@3.6-beta2 vulnerabilities
-
latest version
3.8.2
-
first published
2 years ago
-
latest version published
5 months ago
-
licenses detected
- [3.6-beta1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.openrefine:database package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? Upgrade |
[3.4-beta,3.8.3)
|
Affected versions of this package are vulnerable to Uninitialized Memory Exposure due to improper validation of user-supplied input in the Note: This is a bypass for CVE-2023-41887. How to fix Uninitialized Memory Exposure? Upgrade |
[,3.8-beta1)
|
Affected versions of this package are vulnerable to Arbitrary File Read allowing any unauthenticated user to read the file on the server How to fix Arbitrary File Read? Upgrade |
[,3.8-beta1)
|
Affected versions of this package are vulnerable to Arbitrary Code Execution when connecting to a malicious MySQL server, due to improperly escaping JDBC URL components in the database extension. Note: In order for the server to enable deserialization the How to fix Arbitrary Code Execution? Upgrade |
[,3.8-beta1)
|