org.openrefine.dependencies:butterfly@1.0.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.openrefine.dependencies:butterfly package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the getResource method. An attacker can manipulate the resource URL to access or execute unauthorized files by providing a crafted URL that points to external resources or malicious files.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.openrefine.dependencies:butterfly to version 1.2.6 or higher.

[,1.2.6)
  • C
Eval Injection

Affected versions of this package are vulnerable to Eval Injection through the parseJSON and getJSON functions. An attacker can execute arbitrary code on the server by supplying crafted input that manipulates the evaluation process.

How to fix Eval Injection?

Upgrade org.openrefine.dependencies:butterfly to version 1.2.6 or higher.

[,1.2.6)