Vulnerability Description
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openrefine | Openrefine | < 3.7.5 |
Related Weaknesses (CWE)
References
- https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389Patch
- https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5ExploitVendor Advisory
- https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389Patch
- https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5ExploitVendor Advisory
FAQ
What is CVE-2023-41887?
CVE-2023-41887 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server...
How severe is CVE-2023-41887?
CVE-2023-41887 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-41887?
Check the references section above for vendor advisories and patch information. Affected products include: Openrefine Openrefine.