OpenRefine Directory Traversal · CVE-2018-19859 · GitHub Advisory Database · GitHub

OpenRefine Directory Traversal

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Oct 6, 2023

Package

org.openrefine:main (Maven)

Affected versions

< 3.2-beta

Patched versions

3.2-beta

Description

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

References

Published by the National Vulnerability Database

Dec 5, 2018

Published to the GitHub Advisory Database May 14, 2022

Reviewed Jul 25, 2023

Last updated Oct 6, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N