{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T19:35:11.939","vulnerabilities":[{"cve":{"id":"CVE-2024-23833","sourceIdentifier":"security-advisories@github.com","published":"2024-02-12T21:15:08.760","lastModified":"2024-11-21T08:58:31.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"OpenRefine es una poderosa herramienta gratuita y de código abierto para trabajar con datos desordenados y mejorarlos. Existe una vulnerabilidad de ataque jdbc en OpenRefine (versión <= 3.7.7) donde un atacante puede construir una consulta JDBC que puede leer archivos en el sistema de archivos del host. Debido a la librería de controladores MySQL más nueva en la última versión de OpenRefine (8.0.30), no hay ningún punto de utilización de deserialización asociado, por lo que no se puede lograr la ejecución del código original, pero los atacantes pueden usar esta vulnerabilidad para leer archivos confidenciales en el servidor de destino. Este problema se solucionó en la versión 3.7.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.7.8","matchCriteriaId":"05E76B8C-0DC1-44AA-9DBE-8EAFBF955AA0"}]}]}],"references":[{"url":"https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}