PT-2023-5893 · Unknown+2 · Openrefine+2

Reported by: Stefan Schiller (SonarSource)

Published: 2023-07-17 · Updated: 2025-02-10

CVE-2023-37476 · CVSS v3.1: 7.8 (High) · Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerable software and affected versions: OpenRefine versions prior to 3.7.4
Description: OpenRefine's project import extracts the entries of an uploaded project archive (a tar file) without checking that each entry's path stays inside the intended target directory. An archive entry whose name contains "../" components is therefore written to any location the OpenRefine process can write to (Zip Slip, a form of path traversal). A specially crafted project file thus yields an arbitrary file write, which can lead to arbitrary code execution in the context of the OpenRefine process if a user imports the malicious file.
Recommendations: Update to OpenRefine 3.7.4 or later. Until the upgrade is possible, import OpenRefine projects only from trusted sources, or restrict project import altogether to reduce exposure.
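The extraction bug described above, shown as an added example (not OpenRefine's own code, which is Java): a constructed tar archive with one benign entry and one "../../escaped.txt" entry is fed to a naive extractor that joins the entry name onto the destination directory, and then to a hardened extractor that canonicalises the target path and refuses anything that resolves outside the destination. The entry names, directory layout and function names are assumptions made for this example.

```python
import io
import os
import tarfile
import tempfile

# Constructed sample archive (not a real OpenRefine project): one benign
# entry plus one whose name climbs out of the extraction directory.
ENTRIES = (
    ("project/metadata.json", b'{"name": "demo"}'),
    ("../../escaped.txt", b"written outside the project directory\n"),
)


def build_malicious_tar() -> bytes:
    """Build the sample archive in memory; tar itself does not forbid '..'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in ENTRIES:
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_vulnerable(archive: bytes, dest: str) -> list:
    """Zip Slip pattern: the entry name is joined onto dest unchecked,
    so '../' components in the name decide where the file lands."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = os.path.join(dest, member.name)  # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tar.extractfile(member).read())
            written.append(os.path.realpath(target))
    return written


def extract_safe(archive: bytes, dest: str):
    """Hardened variant: canonicalise the target and require it to stay
    under dest. Links are refused too, since a symlink entry extracted
    first can redirect a later, apparently in-bounds write."""
    root = os.path.realpath(dest)
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(root, member.name))
            inside = os.path.commonpath([root, target]) == root
            if not inside or member.issym() or member.islnk():
                rejected.append(member.name)
                continue
            if not member.isfile():
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(tar.extractfile(member).read())
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors in a throwaway sandbox and report, relative to
    the sandbox root, what each one wrote and what the safe one rejected."""
    archive = build_malicious_tar()
    with tempfile.TemporaryDirectory() as tmp:
        sandbox = os.path.realpath(os.path.join(tmp, "sandbox"))
        vuln_dest = os.path.join(sandbox, "projects", "vuln")
        safe_dest = os.path.join(sandbox, "projects", "safe")
        os.makedirs(vuln_dest)
        os.makedirs(safe_dest)

        def rel(path: str) -> str:
            return os.path.relpath(path, sandbox)

        vuln_written = [rel(p) for p in extract_vulnerable(archive, vuln_dest)]
        safe_written, rejected = extract_safe(archive, safe_dest)
        return {
            "vuln_written": vuln_written,
            # files the naive extractor placed outside its own directory
            "vuln_escaped": [p for p in vuln_written
                             if not p.startswith("projects/vuln/")],
            "safe_written": [rel(p) for p in safe_written],
            "rejected": rejected,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The naive extractor writes escaped.txt two levels above its destination, which on a real deployment would be any path the service account can write (a startup script, a web root, a cron entry), and that is the route from arbitrary file write to code execution. The containment check must run on the canonicalised path, not on a string prefix of the raw name, because "..", absolute names and symlinks all defeat prefix matching. On Python 3.12 and later the standard library's tarfile.extractall(filter="data") applies the same rules for you.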

Exploit

Fix

Weakness Enumeration

Path traversal (CWE-22)

Related Identifiers

BDU:2023-06589
CVE-2023-37476
GHSA-m88m-crr9-jvqq
USN-7260-1

Affected Products

Linux Mint
OpenRefine
Ubuntu