CVE-2022-41401

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-41401
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41401.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41401
Aliases
Downstream
Published
2023-08-04T17:15:09.583Z
Modified
2026-04-02T08:16:57.476725Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

References

Affected packages

Git / github.com/openrefine/openrefine

Affected ranges

Type
GIT
Repo
https://github.com/openrefine/openrefine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e3efd4ec270bfa07a2575efa6ece11b6e269d105
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.2"
        }
    ]
}

Affected versions

1.*
1.0
1.0.1
1.0a
1.0a1
1.0a2
1.0a3
1.0a4
1.0b1
1.1
2.*
2.0
2.1
2.1-rc1
2.5
2.5-rc1
2.5-rc3
2.6-alpha.2
2.6-alpha1
2.6-beta.1
2.6-rc.2
2.7
2.7-rc.1
2.7-rc.2
2.8
3.*
3.0
3.0-beta
3.0-rc.1
3.1
3.1-beta
3.10-beta1
3.10-beta2
3.10.0
3.10.1
3.2
3.2-beta
3.3
3.3-beta
3.3-rc1
3.4
3.4-beta
3.4-beta2
3.4.1
3.5-beta1
3.5-beta2
3.5.0
3.5.1
3.5.2
3.6-beta1
3.6-beta2
3.6-rc1
3.6.0
3.6.1
3.6.2
3.7-beta1
3.7-beta2
3.7-beta3
3.7-beta4
3.7-beta5
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.8-beta.3
3.8-beta.4
3.8-beta1
3.8-beta2
3.8-beta5
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.9-beta1
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.5
4.*
4.0-alpha1
Other
grid-header-preview
v1.*
v1.0.2
v1.0.3
v1.0.5
v1.0.6
v1.0.7
v2.*
v2.6-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41401.json"