CVE-2018-20157
NONE EPSS 74.9%
Published Dec 15, 20187y ago · Modified Jun 17, 20262w ago
Published Dec 15, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
Threat Intelligence
EPSS Exploit Probability
74.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-611
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openrefine | openrefine | * | ≤3.1 |
References 1
- github.com https://github.com/OpenRefine/OpenRefine/issues/1907
Remediation
- github.com https://github.com/OpenRefine/OpenRefine/issues/1907