Security News > 2023 > October > OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
2023-10-02 08:02

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine


News URL

https://thehackernews.com/2023/10/openrefines-zip-slip-vulnerability.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-37476 Path Traversal vulnerability in Openrefine
OpenRefine is a free, open source tool for data processing.
local
low complexity
openrefine CWE-22
7.8
7.8