PT-2018-15130 · Openrefine · Openrefine

Jackyq2015

·

Published

2018-12-05

·

Updated

2022-05-14

·

CVE-2018-19859

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions OpenRefine versions prior to 3.2 beta
Description The issue allows directory traversal via a relative pathname in a ZIP archive.
Recommendations For versions prior to 3.2 beta, update to version 3.2 beta or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-19859
GHSA-F6FV-FJG8-4M6W

Affected Products

Openrefine