Description

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.

INFO

Published Date :

2024-10-24T20:31:09.314Z

Last Modified :

2024-10-25T19:07:07.083Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47881 vulnerability.

Vendors Products
Openrefine
  • Openrefine
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47881.

URL Resource
https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056 cve-icon cve-icon
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact