Oct. 2, 2023, 8:02 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems.
Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.
"Although OpenRefine

arbitrary code attackers code code execution cve cvss data flaw high malicious openrefine project result score security security flaw severity systems tool transformation vulnerability zip

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Cybersecurity Subject Matter Expert

@ QinetiQ US | Washington, DC, United States

Program Cybersecurity Manage (F/M/X)

@ Alstom | Villeurbanne, FR