Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2018-19859

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

Published: Dec 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-19859
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
openrefine / openrefine	3.1-beta	3.1-beta.x
openrefine / openrefine	3.0-beta	3.0-beta.x
openrefine / openrefine	3.0-rc1	3.0-rc1.x
openrefine / openrefine	2.8	2.8.x
openrefine / openrefine	3.0	3.0.x
openrefine / openrefine	3.1	3.1.x
openrefine / openrefine	2.7-rc1	2.7-rc1.x
openrefine / openrefine	2.7-rc2	2.7-rc2.x
openrefine / openrefine	2.6-alpha1	2.6-alpha1.x
openrefine / openrefine	2.6-alpha2	2.6-alpha2.x
openrefine / openrefine	2.6-beta1	2.6-beta1.x
openrefine / openrefine	2.6-rc1	2.6-rc1.x
openrefine / openrefine	2.6-rc2	2.6-rc2.x
openrefine / openrefine	1.0.2	1.0.2.x
openrefine / openrefine	1.0.3	1.0.3.x
openrefine / openrefine	1.0.5	1.0.5.x
openrefine / openrefine	1.0.6	1.0.6.x
openrefine / openrefine	1.0.7	1.0.7.x
openrefine / openrefine	2.7	2.7.x
openrefine / openrefine	2.5-rc1	2.5-rc1.x
openrefine / openrefine	2.5-rc3	2.5-rc3.x
openrefine / openrefine	2.1-rc1	2.1-rc1.x
openrefine / openrefine	1.0.1	1.0.1.x
openrefine / openrefine	1.1	1.1.x
openrefine / openrefine	2.0	2.0.x
openrefine / openrefine	2.1	2.1.x
openrefine / openrefine	2.5	2.5.x
openrefine / openrefine	1.0-a1	1.0-a1.x
openrefine / openrefine	1.0-a2	1.0-a2.x
openrefine / openrefine	1.0-a3	1.0-a3.x
openrefine / openrefine	1.0-a4	1.0-a4.x
openrefine / openrefine	1.0-b1	1.0-b1.x
openrefine / openrefine	1.0	1.0.x