OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database
extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue.
{ "vanir_signatures": [ { "signature_type": "Line", "digest": { "line_hashes": [ "148625465767518197586181414952410500498", "52153195507166527708872059003828524818", "152713181777933480338826892463390586417", "310944242775402350916100846797656514843", "309184951899885671436516249854359508306", "275658479006330244317994889324185974308", "298929508114247424629507713410874031826" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2024-47881-11f3a22f", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "file": "extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 532.0, "function_hash": "301210549726976124103022409242604209994" }, "signature_version": "v1", "id": "CVE-2024-47881-432d49cf", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "function": "beforeTest", "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 236.0, "function_hash": "239170572422018864752882590789774958086" }, "signature_version": "v1", "id": "CVE-2024-47881-69f506c7", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "function": "getDatabaseUrl", "file": "extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "230901473777520033295366208173917713537", "20817488066084770164423409522632717053", "56737316068447243297744009003038981574", "239913584612583691044809876158160499934", "29631431573964522078349592339383184605", "18927726664908601399464190075605089", "107044435684639136940248779990762021885", "329943744711187267045862377191657579433", "42690964403184960163740306599042394508", "36384622644031061044287865667370585104", "9950470092311162326541082024401237256", "36067413470298253544656446819412126089", "24392167935165774719494233530621425394", "310724215558881680851985929751588820248", "76649531951624290342291761259293479483", "27379248246233266557921644375677248788", "188330552967862325881603458647865357981", "26722760095812288923457469098579928607" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2024-47881-8603b167", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManagerTest.java" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 157.0, "function_hash": "29594571857987632570998153976265310529" }, "signature_version": "v1", "id": "CVE-2024-47881-ba8a6040", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "function": "afterTest", "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 236.0, "function_hash": "227575456298992408571957668699543165982" }, "signature_version": "v1", "id": "CVE-2024-47881-bd645343", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "function": "testGetDatabaseUrl", "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "32401222131785096062200708245799233749", "94566981518584604324749427617334028172", "334749526140071474614362952418790782486", "228404382564821384263936894365427548937" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2024-47881-cf2109d3", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "file": "extensions/database/tests/src/com/google/refine/extension/database/DBExtensionTests.java" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 157.0, "function_hash": "29594571857987632570998153976265310529" }, "signature_version": "v1", "id": "CVE-2024-47881-f7da1371", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "function": "afterTest", "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManagerTest.java" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "230901473777520033295366208173917713537", "336637532338474233663774344314858706682", "296597646696193379051176017007147162891", "164578035933169516281483451237568798232", "188779297171662721321308442803415507230", "29631431573964522078349592339383184605", "18927726664908601399464190075605089", "107044435684639136940248779990762021885", "241409266627953408960379000538251755626", "89315641394005495261903605506856082249", "329317674755277027641524951277210134611", "211506122883565985452498963313331757306", "339962508101967712196333927212505153374", "100311800875101586217206970300324147326", "148270949013928750204587406239907426647", "45205249259575761962701170534118929901", "100250610033122885382937822884314188819", "42690964403184960163740306599042394508", "36384622644031061044287865667370585104", "9950470092311162326541082024401237256", "36067413470298253544656446819412126089", "24392167935165774719494233530621425394", "310724215558881680851985929751588820248", "76649531951624290342291761259293479483", "27379248246233266557921644375677248788", "137167608026823615974484273626195466600", "317579404134170811036087469517622928453", "333693032492675148291990680870209795714", "223376729324776375975140722554324318492", "315179430583441677294897965586913870948", "100109144700607158646162012169845009921", "264813514899109287234427319969978025366", "312267541733586384478108679928229975219", "261517384245428314571869883271410241893" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2024-47881-fa73b067", "source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056", "target": { "file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java" }, "deprecated": false } ] }