CVE-2024-47881
- Source
- https://cve.org/CVERecord?id=CVE-2024-47881
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47881.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47881
- Aliases
- Downstream
- Published
- 2024-10-24T20:31:09.314Z
- Modified
- 2026-04-12T09:39:53.797012Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
- Details
-
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the
databaseextension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47881.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47881.json
- https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8
- https://nvd.nist.gov/vuln/detail/CVE-2024-47881
- https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056
Affected packages
Git / github.com/openrefine/openrefine
Database specific
vanir_signatures_modified
"2026-04-12T09:39:53Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47881.json"
vanir_signatures
[
{
"target": {
"file": "extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"148625465767518197586181414952410500498",
"52153195507166527708872059003828524818",
"152713181777933480338826892463390586417",
"310944242775402350916100846797656514843",
"309184951899885671436516249854359508306",
"275658479006330244317994889324185974308",
"298929508114247424629507713410874031826"
]
},
"id": "CVE-2024-47881-11f3a22f",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Line"
},
{
"target": {
"function": "beforeTest",
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 532.0,
"function_hash": "301210549726976124103022409242604209994"
},
"id": "CVE-2024-47881-432d49cf",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Function"
},
{
"target": {
"file": "main/src/com/google/refine/RefineServlet.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"70741200116215552636185552063441350157",
"250578989153400506380281591621571840554",
"234825196224379482873151685641821868458",
"163240278076324717749431253028938753191"
]
},
"id": "CVE-2024-47881-463f1041",
"source": "https://github.com/openrefine/openrefine/commit/d70d9114a8c021a233f0c13c73a0a7784276f2a4",
"signature_type": "Line"
},
{
"target": {
"function": "getDatabaseUrl",
"file": "extensions/database/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManager.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 236.0,
"function_hash": "239170572422018864752882590789774958086"
},
"id": "CVE-2024-47881-69f506c7",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Function"
},
{
"target": {
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManagerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"230901473777520033295366208173917713537",
"20817488066084770164423409522632717053",
"56737316068447243297744009003038981574",
"239913584612583691044809876158160499934",
"29631431573964522078349592339383184605",
"18927726664908601399464190075605089",
"107044435684639136940248779990762021885",
"329943744711187267045862377191657579433",
"42690964403184960163740306599042394508",
"36384622644031061044287865667370585104",
"9950470092311162326541082024401237256",
"36067413470298253544656446819412126089",
"24392167935165774719494233530621425394",
"310724215558881680851985929751588820248",
"76649531951624290342291761259293479483",
"27379248246233266557921644375677248788",
"188330552967862325881603458647865357981",
"26722760095812288923457469098579928607"
]
},
"id": "CVE-2024-47881-8603b167",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Line"
},
{
"target": {
"function": "afterTest",
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 157.0,
"function_hash": "29594571857987632570998153976265310529"
},
"id": "CVE-2024-47881-ba8a6040",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Function"
},
{
"target": {
"function": "testGetDatabaseUrl",
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 236.0,
"function_hash": "227575456298992408571957668699543165982"
},
"id": "CVE-2024-47881-bd645343",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Function"
},
{
"target": {
"file": "extensions/database/tests/src/com/google/refine/extension/database/DBExtensionTests.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"32401222131785096062200708245799233749",
"94566981518584604324749427617334028172",
"334749526140071474614362952418790782486",
"228404382564821384263936894365427548937"
]
},
"id": "CVE-2024-47881-cf2109d3",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Line"
},
{
"target": {
"function": "afterTest",
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteConnectionManagerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 157.0,
"function_hash": "29594571857987632570998153976265310529"
},
"id": "CVE-2024-47881-f7da1371",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Function"
},
{
"target": {
"file": "extensions/database/tests/src/com/google/refine/extension/database/sqlite/SQLiteDatabaseServiceTest.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"230901473777520033295366208173917713537",
"336637532338474233663774344314858706682",
"296597646696193379051176017007147162891",
"164578035933169516281483451237568798232",
"188779297171662721321308442803415507230",
"29631431573964522078349592339383184605",
"18927726664908601399464190075605089",
"107044435684639136940248779990762021885",
"241409266627953408960379000538251755626",
"89315641394005495261903605506856082249",
"329317674755277027641524951277210134611",
"211506122883565985452498963313331757306",
"339962508101967712196333927212505153374",
"100311800875101586217206970300324147326",
"148270949013928750204587406239907426647",
"45205249259575761962701170534118929901",
"100250610033122885382937822884314188819",
"42690964403184960163740306599042394508",
"36384622644031061044287865667370585104",
"9950470092311162326541082024401237256",
"36067413470298253544656446819412126089",
"24392167935165774719494233530621425394",
"310724215558881680851985929751588820248",
"76649531951624290342291761259293479483",
"27379248246233266557921644375677248788",
"137167608026823615974484273626195466600",
"317579404134170811036087469517622928453",
"333693032492675148291990680870209795714",
"223376729324776375975140722554324318492",
"315179430583441677294897965586913870948",
"100109144700607158646162012169845009921",
"264813514899109287234427319969978025366",
"312267541733586384478108679928229975219",
"261517384245428314571869883271410241893"
]
},
"id": "CVE-2024-47881-fa73b067",
"source": "https://github.com/openrefine/openrefine/commit/853a1d91662e7dc278a9a94a38be58de04494056",
"signature_type": "Line"
}
]