The data import functionality in OpenRefine up to and including 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing malicious users to read arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openrefine openrefine |