CVE-2023-41886: OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack

September 12, 2023

An arbitrary file read vulnerability allows any unauthenticated user to read the file on the server.

References

github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d
github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m
github.com/advisories/GHSA-qqh2-wvmv-h72m

Detect and mitigate CVE-2023-41886 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →