3.8.7
2 years ago
1 months ago
Known vulnerabilities in the org.openrefine:database package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? Upgrade | [3.4-beta,3.8.3) |
Affected versions of this package are vulnerable to Uninitialized Memory Exposure due to improper validation of user-supplied input in the Note: This is a bypass for CVE-2023-41887. How to fix Uninitialized Memory Exposure? Upgrade | [,3.8-beta1) |
Affected versions of this package are vulnerable to Arbitrary File Read allowing any unauthenticated user to read the file on the server How to fix Arbitrary File Read? Upgrade | [,3.8-beta1) |
Affected versions of this package are vulnerable to Arbitrary Code Execution when connecting to a malicious MySQL server, due to improperly escaping JDBC URL components in the database extension. Note: In order for the server to enable deserialization the How to fix Arbitrary Code Execution? Upgrade | [,3.8-beta1) |