OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code | allinfosecnews.com

Oct. 2, 2023, 8:02 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems.
Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.
"Although OpenRefine

arbitrary code attackers code code execution cve cvss data flaw high malicious openrefine project result score security security flaw severity systems tool transformation vulnerability zip

More from thehackernews.com / The Hacker News

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns 4 hours ago | thehackernews.com

campaigns cybersecurity email email phishing +14

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam 1 day ago | thehackernews.com

april arrested atlanta charged +15

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide 1 day, 2 hours ago | thehackernews.com

as-a-service attacks banking banking trojan +28

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking 2 days, 17 hours ago | thehackernews.com

actor aqua arsenal botnet +16

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs 2 days, 23 hours ago | thehackernews.com

cves cyber exposure exposure management +16

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT 2 days, 23 hours ago | thehackernews.com

access advancements asia blacktech +23

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks 3 days, 1 hour ago | thehackernews.com

advanced advanced persistent threat apt attacks +20

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now 3 days, 3 hours ago | thehackernews.com

actively exploited agency catalog cisa +27

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks 3 days, 18 hours ago | thehackernews.com

attack attacks clients cve +19

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Security Operations Vice President - Content Developer

@ JPMorgan Chase & Co. | Jersey City, NJ, United States

View on infosec-jobs.com

Computer and Forensics Investigator

@ ManTech | 221BQ - Cstmr Site,Springfield,VA

View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States

View on infosec-jobs.com