CVE-2023-41886

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41886.json"
}

References

Affected packages

Git / github.com/openrefine/openrefine

Affected ranges

Type: GIT
Repo: https://github.com/openrefine/openrefine
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a04fb5fbd0d35d7b727bdca7d34bbca8245427d8

Affected versions

1.*

1.1

2.*

2.6-alpha.2

2.6-alpha1

2.6-beta.1

2.6-rc.2

2.7

2.7-rc.1

2.7-rc.2

2.8

3.*

3.0

3.0-beta

3.0-rc.1

3.1

3.1-beta

3.2

3.2-beta

3.3

3.3-beta

3.3-rc1

3.4-beta

3.5-beta1

3.7-beta2

3.7-beta3

3.7-beta4

3.7-beta5

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

v2.*

v2.6-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41886.json"

vanir_signatures

[
    {
        "id": "CVE-2023-41886-e5cb8c75",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "185651037213066091579096239123739585523",
                "111752433688531394301492760245143875503",
                "187992265526071743079543598096237653692",
                "324635396311902356857937670097655734650"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "main/src/com/google/refine/RefineServlet.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/openrefine/openrefine/commit/a04fb5fbd0d35d7b727bdca7d34bbca8245427d8",
        "deprecated": false
    }
]