CVE-2018-20157

NONE EPSS 74.9%
Published Dec 15, 20187y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 15, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.

Threat Intelligence

EPSS Exploit Probability
74.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-611

Affected Products 1

VendorProductVersionRange
openrefineopenrefine* ≤3.1

References 1

  • github.com https://github.com/OpenRefine/OpenRefine/issues/1907
    ExploitPatchThird Party Advisory

Remediation

  • github.com https://github.com/OpenRefine/OpenRefine/issues/1907
    ExploitPatchThird Party Advisory