CVE-2024-23833

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 12, 2024
Updated: Feb 13, 2024
CWE ID 22

Summary

CVE-2024-23833 is a vulnerability affecting OpenRefine, a popular data processing tool. Versions of OpenRefine up to and including 3.7.7 are vulnerable to a JDBC query attack. An attacker can construct a malicious JDBC query that may read files on the host filesystem, potentially exposing sensitive information. Because of the updated MySQL driver library in the latest version (8.0.30), the vulnerability does not allow for code execution. The issue is addressed in OpenRefine version 3.7.8, and users are strongly urged to upgrade, as there are currently no known workarounds.
