CVE-2023-37476
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jul 17, 2023
Updated: Jul 27, 2023
CWE ID 22
Summary
CVE-2023-37476 is a critical vulnerability affecting OpenRefine, an open-source data processing tool. Importing a maliciously crafted project tar file can trigger arbitrary code execution in the context of the OpenRefine process. All versions up to and including 3.7.3 are affected. Users should update to OpenRefine 3.7.4 as soon as possible. Alternatively, users should only import OpenRefine projects from trusted sources.
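For the "trusted sources" mitigation, a pre-import audit of a project tar can flag entries matching the CWE-22 (path traversal) classification listed above. This is an added example, not OpenRefine's code or its 3.7.4 fix; it assumes the risky entries are those whose paths or link targets resolve outside the extraction directory, and the DEST path and sample entry names are constructed.

```python
import io
import os
import tarfile

# Assumed extraction directory (hypothetical path, not taken from OpenRefine).
DEST = "/srv/openrefine-workspace/1234.project"

def audit_project_tar(fileobj, dest=DEST):
    """List (entry name, reason) for entries that would resolve outside dest."""
    root = os.path.realpath(dest)
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                findings.append((m.name, "path escapes extraction directory"))
            elif m.issym() or m.islnk():
                # Symlink targets are relative to the link; hard links to the archive root.
                base = os.path.dirname(target) if m.issym() else root
                link = os.path.realpath(os.path.join(base, m.linkname))
                if os.path.commonpath([root, link]) != root:
                    findings.append((m.name, "link points outside extraction directory"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "unexpected entry type"))
    return findings

def build_sample(entries):
    """Build a constructed gzip tar in memory from (name, data, link target) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, linkname in entries:
            info = tarfile.TarInfo(name)
            if linkname:
                info.type, info.linkname = tarfile.SYMTYPE, linkname
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed samples; the entry names are illustrative only.
CLEAN = [("metadata.json", b"{}", None), ("data.zip", b"PK", None)]
CRAFTED = CLEAN + [("../../outside.txt", b"x", None), ("history/link", b"", "../../../etc")]

if __name__ == "__main__":
    for label, entries in (("clean", CLEAN), ("crafted", CRAFTED)):
        print(label, audit_project_tar(build_sample(entries)))
```

The audit only reads entry headers and never extracts anything, so it can be run on an archive of unknown origin before deciding whether to import it.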
Affected Products
- OpenRefine
Affected Vendors
- Openrefine