CVE-2023-41887

high-risk
Published 2023-09-15

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

Do I need to act?

!
57.7% chance of exploitation in next 30 days
EPSS score — higher than 42% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 693fde606d4b5b78b16391c29d110389eb605511
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Openrefine

Affected Vendors

Openrefine

References (4)

Patch https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389...
Exploit https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
Patch https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389...
Exploit https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
55
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal