A critical Zip Slip vulnerability was discovered in the open-source data cleaning and transformation tool ‘OpenRefine’, which allowed attackers to import malicious code and execute arbitrary code.
OpenRefine is a strong Java-based, free, open-source tool for handling messy data. This includes cleaning it, converting it into a different format, and expanding it with web services and external data.
According to SonarCloud, the Zip Slip vulnerability in OpenRefine allows attackers to overwrite existing files or the extraction of contents to unexpected locations. This vulnerability is caused by insufficient path validation while extracting archives.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
The project import feature of OpenRefine versions 3.7.3 and earlier is vulnerable to a Zip Slip vulnerability (CVE-2023-37476) with a CVSS score of 7.8.
Although OpenRefine is only intended to execute locally on a user’s computer, a user can be tricked into importing a malicious project file. Once this file is imported, the attacker will be able to run arbitrary code on the victim’s computer.
“The vulnerability gives attackers a strong primitive: writing files with arbitrary content to an arbitrary location on the filesystem. For applications running with root privileges, there are dozens of possibilities to turn this into arbitrary code execution on the operating system: adding a new user to the passwd file, adding an SSH key, creating a cron job, and more”, researchers said.
OpenRefine Version 3.7.4, published on July 17, 2023, has a fix for the issue.
In light of this, Users are recommended to update to OpenRefine 3.7.4 as soon as feasible.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.
Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers (CISOs),…
Application security in 2025 has become a defining concern for every Chief Information Security Officer…
Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief Information…
In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental reimagining…
Building a scalable cybersecurity framework is essential in today’s rapidly evolving digital landscape, enabling organizations…
In today’s digital-first business environment, protecting intellectual property is crucial, as IP remains one of…
![](data:image/svg+xml;charset=utf-8,<svg height="400px" width="1000px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
.png?w=1600&resize=1600,900&ssl=1)
