CVE-2018-19859

NONE EPSS 82.6%
Published Dec 5, 20187y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Dec 5, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

Threat Intelligence

EPSS Exploit Probability
82.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 33

VendorProductVersionRange
openrefineopenrefine1.0any
openrefineopenrefine1.0any
openrefineopenrefine1.0any
openrefineopenrefine1.0any
openrefineopenrefine1.0any
openrefineopenrefine1.0any
openrefineopenrefine1.0.1any
openrefineopenrefine1.0.2any
openrefineopenrefine1.0.3any
openrefineopenrefine1.0.5any
openrefineopenrefine1.0.6any
openrefineopenrefine1.0.7any
openrefineopenrefine1.1any
openrefineopenrefine2.0any
openrefineopenrefine2.1any
openrefineopenrefine2.1any
openrefineopenrefine2.5any
openrefineopenrefine2.5any
openrefineopenrefine2.5any
openrefineopenrefine2.6any
openrefineopenrefine2.6any
openrefineopenrefine2.6any
openrefineopenrefine2.6any
openrefineopenrefine2.6any
openrefineopenrefine2.7any
openrefineopenrefine2.7any
openrefineopenrefine2.7any
openrefineopenrefine2.8any
openrefineopenrefine3.0any
openrefineopenrefine3.0any
openrefineopenrefine3.0any
openrefineopenrefine3.1any
openrefineopenrefine3.1any

References 2

  • github.com https://github.com/OpenRefine/OpenRefine/issues/1840
    ExploitThird Party Advisory
  • github.com https://github.com/OpenRefine/OpenRefine/pull/1901
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.