Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zip slip in OpenRefine
Vulnerability Description
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OpenRefine 路径遍历漏洞
Vulnerability Description
OpenRefine是一款基于Java的开源工具。该产品主要用于加载数据、分析数据和清理数据等。 OpenRefine 3.7.3版本及之前版本存在路径遍历漏洞。攻击者利用该漏洞可以执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A