CVE-2024-23833
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-23833 is a newly discovered vulnerability affecting OpenRefine, a popular data processing tool. Versions of OpenRefine up to and including 3.7.7 are vulnerable to a JDBC query attack. An attacker can construct a malicious query that may enable reading of files on the host filesystem, potentially exposing sensitive information. The vulnerability does not allow for original code execution in the latest version (8.0.30) due to the updated MySQL driver library. Users are strongly urged to upgrade to OpenRefine version 3.7.8 as there are currently no known workarounds for this issue.