3.8.7
2 years ago
1 months ago
Known vulnerabilities in the org.openrefine:main package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade | [,3.8.3) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Note: This is only exploitable if the attacker knows a valid project ID of a project that contains at least one row. How to fix Cross-site Scripting (XSS)? Upgrade | [,3.8.3) |
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Note: This is only exploitable if the attacker knows a valid project ID and the project contains at least one row. How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,3.8.3) |
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) which allows unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. How to fix Server-side Request Forgery (SSRF)? Upgrade | [,3.6.0) |
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via project import, when a carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade | [,3.7.4) |