Openrefine: >> Openrefine >> 1.0.5 Security Vulnerabilities
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-01-03
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-12-15
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
CVSS Score
6.5
EPSS Score
0.138
Published
2018-12-05
Page 2