Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xN21jLWZjODctdjd3N84AA1Dj
OpenRefine Server-Side Request Forgery vulnerability
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
Permalink: https://github.com/advisories/GHSA-q7mc-fc87-v7w7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xN21jLWZjODctdjd3N84AA1Dj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 6 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-q7mc-fc87-v7w7, CVE-2022-41401
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41401
- https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180
- https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103
- https://github.com/ixSly/CVE-2022-41401
- https://github.com/OpenRefine/OpenRefine/commit/8cb2fec45dd90fda8ed9608c691f6bb8ed721cd2
- https://github.com/advisories/GHSA-q7mc-fc87-v7w7
Blast Radius: 11.7
Affected Packages
maven:org.openrefine:main
Dependent packages: 8Dependent repositories: 64
Downloads:
Affected Version Ranges: < 3.6.0
Fixed in: 3.6.0
All affected versions:
All unaffected versions: 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.2, 3.8.0