Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2019-0579

Good to know:

icon

Date: October 13, 2019

In OpenRefine, versions 2.0 through 3.2 are vulnerable to Cross-Site Request Forgery (CSRF) in several endpoints, due to CSRF protection not implemented. An attacker can manipulate datasets, create and remove projects and execute arbitrary database queries through tricking an authenticated user to send attacker-controlled requests.

Language: Java

Severity Score

Related Resources (11)

https://github.com/OpenRefine/OpenRefine/commit/51ddd27909a97895a6f7d559f5ff8fb705cc4a71
https://github.com/OpenRefine/OpenRefine/commit/70e37b90853fc50160a8adbb3b1730e126ac421e
https://github.com/OpenRefine/OpenRefine/commit/1ee5068f0d86ba838b94fb11e3c75916436e58ca
https://github.com/OpenRefine/OpenRefine/commit/3559eeb11fa3f538d6057d9183378a427fdcd11d
https://github.com/OpenRefine/OpenRefine/commit/9ae6a7a581b852f0bd7cdf96d4e05360acdfbbf1
https://github.com/OpenRefine/OpenRefine/commit/5dc005749aaef481184f4483919f3811a7e6c0f0
https://github.com/OpenRefine/OpenRefine/commit/91cead27f85958d4a7340739a0f73358bc6254c3
https://github.com/OpenRefine/OpenRefine/commit/a340c137d07d76b98ff84aad234160d8fb4e7586
https://github.com/OpenRefine/OpenRefine/commit/b52c0094916ca70af4d5007cc663b9a5ac351bde
https://github.com/OpenRefine/OpenRefine/commit/24feda600a20d75e712d6a29fbdb88fd4b92a17a
https://www.mend.io/vulnerability-database/WS-2019-0579

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

icon

Upgrade Version

Upgrade to version 3.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us