org.openrefine:main@3.7.0 vulnerabilities
-
latest version
3.8.5
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
a month ago
-
licenses detected
- [3.6-beta1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.openrefine:main package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade |
[,3.8.3)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Note: This is only exploitable if the attacker knows a valid project ID of a project that contains at least one row. How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.8.3)
|
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Note: This is only exploitable if the attacker knows a valid project ID and the project contains at least one row. How to fix Cross-site Request Forgery (CSRF)? Upgrade |
[,3.8.3)
|
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via project import, when a carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade |
[,3.7.4)
|