CVE-2023-41887
published 2023-09-15


Priority: P278
Severity: critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 45.47% (98.6th percentile)
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

Affected

8 ranges
Vendor     | Product    | Version range                              | Fixed in
-----------|------------|--------------------------------------------|---------------------------------------
debian     | openrefine | < openrefine 3.6.2-2+deb12u2 (bookworm)     | openrefine 3.6.2-2+deb12u2 (bookworm)
openrefine | openrefine | < 3.7.5                                     | 3.7.5
openrefine | openrefine | <= 3.7.4                                    |
openrefine | openrefine | >= 0 < 3.6.2-2+deb12u2                      | 3.6.2-2+deb12u2
openrefine | openrefine | >= 0 < 3.7.5-1                              | 3.7.5-1
openrefine | openrefine | >= 0 < 3.7.5-1                              | 3.7.5-1
openrefine | openrefine | >= 0 < 3.5.2-1ubuntu0.1~esm1                | 3.5.2-1ubuntu0.1~esm1
openrefine | openrefine | >= 0 < 3.7.7-1ubuntu0.1~esm1                | 3.7.7-1ubuntu0.1~esm1

Detection & IOCs (extracted from sources)

  • Unauthenticated remote code execution in OpenRefine versions prior to 3.7.5; detect exploitation attempts targeting OpenRefine HTTP endpoints without authentication headers.
  • Vulnerable versions are OpenRefine < 3.7.5; patched in 3.7.5. The Debian bookworm fix is in 3.6.2-2+deb12u2.
  • Debian bookworm resolves this with a backport (3.6.2-2+deb12u2), not the upstream 3.7.5 release; ensure version checks account for this.

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
--------------|--------------|-------|----------|------------------------------------------------
nvd           | v3.1         | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa          |              | 9.8   | CRITICAL |
osv           |              | 9.8   | CRITICAL |
vendor_debian |              | 9.8   | CRITICAL |
vendor_ubuntu |              | 5.5   | MEDIUM   |