Several security issues were fixed in OpenRefine.
Software Description:
- openrefine: powerful tool for working with messy data
Details:
It was discovered that OpenRefine did not properly handle opening tar
files. If a user or application were tricked into opening a crafted tar
file, an attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 22.04 LTS. (CVE-2023-37476)
It was discovered that OpenRefine incorrectly handled file permissions and
user authentication. An unauthenticated attacker could possibly use this
issue to leak sensitive information or execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2023-41886, CVE-2023-41887)
It was discovered that OpenRefine did not properly disallow database
settings to be modified when queried. An attacker could possibly use this
issue to leak sensitive information. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-23833)
It wa...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 openrefine 3.7.8-1ubuntu0.1 Ubuntu 24.04 LTS openrefine 3.7.7-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS openrefine 3.5.2-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7260-1
CVE-2023-37476, CVE-2023-41886, CVE-2023-41887, CVE-2024-23833,
CVE-2024-47878, CVE-2024-47879, CVE-2024-47880, CVE-2024-47881,
CVE-2024-47882, CVE-2024-49760
Get the latest Linux and open source security news straight to your inbox.