Platform
java
Component
org.openrefine.dependencies:butterfly
Fixed in
1.2.7
1.2.6
CVE-2024-47883 is a critical Remote Code Execution (RCE) vulnerability affecting the Butterfly framework, a component used by OpenRefine. The vulnerability arises from improper handling of file:/ URLs, allowing attackers to potentially execute arbitrary code on the server. This impacts OpenRefine versions 1.2.5 and earlier. A fix is available in version 1.2.6.
This vulnerability allows an attacker with network access to OpenRefine instances running vulnerable versions to execute arbitrary code. By crafting malicious file:/ URLs, an attacker can trick the application into fetching and executing remote files as if they were trusted components. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The impact is particularly severe because OpenRefine is often used to process sensitive data, making it a valuable target for attackers. The ability to execute arbitrary code effectively grants the attacker full control over the affected system.
This CVE was published on 2024-10-24. There are currently no publicly available exploits, but the vulnerability's nature (RCE via URL manipulation) suggests a high probability of exploitation. The severity score of 9.1 (CRITICAL) reflects the ease of exploitation and potential impact. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations using OpenRefine for data cleaning and transformation, particularly those processing sensitive data, are at significant risk. Shared hosting environments where OpenRefine is deployed alongside other applications are also vulnerable, as a compromise of OpenRefine could potentially impact other hosted services. Users relying on older, unpatched OpenRefine installations are especially susceptible.
• java / server:
find /opt/openrefine -type f -name '*.jar' -print0 | xargs -0 grep -i 'butterfly/URLHandler'
• generic web:
curl -I 'http://your-openrefine-server/butterfly/URLHandler?file:/path/to/malicious/file' -w '%{http_code}\n'
• generic web:
grep -i 'file:' /var/log/apache2/access.log
Disclosure
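The access-log check above is a raw grep for `file:`, which misses a percent-encoded scheme (`file%3A%2F`). As an added example that is not part of this advisory, the following Python script parses combined-format access-log lines, URL-decodes the request target and flags any request whose decoded target carries the `file:/` scheme. The log lines, client addresses and the `/extension/resource` path are constructed for illustration; `/butterfly/URLHandler` is the path named in the checks above.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Oct/2024:10:01:02 +0000] "GET /project?project=1234 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Oct/2024:10:01:07 +0000] "GET /butterfly/URLHandler?file:/tmp/example.js HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.2 - - [24/Oct/2024:10:01:09 +0000] "GET /extension/resource?u=file%3A%2F%2F%2Ftmp%2Fx HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.7 - - [24/Oct/2024:10:02:01 +0000] "GET /search?q=profile HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Combined log format: client ident user [time] "method target protocol" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# The weakness is triggered by a file:/ URL reaching Butterfly's URL handling,
# so the indicator is the file scheme anywhere in the decoded request target.
FILE_SCHEME_RE = re.compile(r'file:/', re.IGNORECASE)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode twice so a double-encoded scheme (file%253A...) is also exposed.
    rec["path_decoded"] = unquote(unquote(rec["path"]))
    return rec


def find_file_scheme_requests(log_text):
    """Return (client, decoded target, status) for every request carrying file:/."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and FILE_SCHEME_RE.search(rec["path_decoded"]):
            hits.append((rec["ip"], rec["path_decoded"], rec["status"]))
    return hits


if __name__ == "__main__":
    for ip, target, status in find_file_scheme_requests(SAMPLE_LOG):
        print(f"{ip} -> {target} ({status})")
```

The second hit would be invisible to `grep -i 'file:'` on the raw line; decoding before matching is what makes the check reliable. A status of 200 on such a request is the line worth escalating, since a 404 shows the path was never served.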
Exploit Status
EPSS
3.03% (87th percentile)
CISA SSVC
CVSS-vector
The primary mitigation is to upgrade OpenRefine to version 1.2.6 or later, which addresses the vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious file:/ URLs. Carefully review and restrict file access permissions within the OpenRefine environment. Monitor network traffic for unusual connections originating from the OpenRefine server. After upgrading, confirm the fix by attempting to access a known malicious file via a file:/ URL; the request should be rejected.
Update the simile-butterfly library to version 1.2.6 or later. This version contains a fix for the resource-handling vulnerability. The update prevents arbitrary code execution and other related attacks.
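The remediation above comes down to one question: is the `org.openrefine.dependencies:butterfly` dependency below 1.2.6? As an added example that is not part of this advisory, the following Python script reads a Maven `pom.xml`, finds that artifact and compares its version against the fixed version numerically (so 1.2.10 is not mistaken for older than 1.2.6). The `pom.xml` content is constructed; the group and artifact ids and the fixed version are those given in this advisory.

```python
import xml.etree.ElementTree as ET

# Maven POM elements live in this namespace (standard POM 4.0.0 schema).
POM_NS = "{http://maven.apache.org/POM/4.0.0}"

# Constructed pom.xml fragment for illustration, not taken from any real project.
SAMPLE_POM = """\
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.openrefine.dependencies</groupId>
      <artifactId>butterfly</artifactId>
      <version>1.2.5</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>2.0.9</version>
    </dependency>
  </dependencies>
</project>
"""

# Component and fixed version as stated in the advisory.
AFFECTED_ARTIFACT = ("org.openrefine.dependencies", "butterfly")
FIXED_IN = (1, 2, 6)


def parse_version(version):
    """Turn '1.2.5' into (1, 2, 5); non-numeric suffixes are ignored."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version):
    """True when the version is strictly older than the fixed release."""
    return parse_version(version) < FIXED_IN


def find_dependencies(pom_xml):
    """Yield (groupId, artifactId, version) for every <dependency> in the POM."""
    root = ET.fromstring(pom_xml)
    for dep in root.iter(POM_NS + "dependency"):
        yield (
            dep.findtext(POM_NS + "groupId"),
            dep.findtext(POM_NS + "artifactId"),
            dep.findtext(POM_NS + "version"),
        )


def check_pom(pom_xml):
    """Return one finding per butterfly dependency, with its affected status."""
    findings = []
    for group, artifact, version in find_dependencies(pom_xml):
        if (group, artifact) == AFFECTED_ARTIFACT and version is not None:
            findings.append({
                "artifact": f"{group}:{artifact}",
                "version": version,
                "affected": is_affected(version),
            })
    return findings


if __name__ == "__main__":
    for f in check_pom(SAMPLE_POM):
        state = "AFFECTED" if f["affected"] else "fixed"
        print(f'{f["artifact"]} {f["version"]}: {state}')
```

A version written as a property reference (`${butterfly.version}`) is not resolved here, and a transitive pull of butterfly through OpenRefine itself will not appear in the POM at all; for those cases `mvn dependency:tree` is the authoritative source, and this script is only a quick first check of a declared version.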
CVE-2024-47883 is a critical Remote Code Execution vulnerability in the OpenRefine Butterfly framework, allowing attackers to execute arbitrary code by manipulating file URLs.
Yes, if you are using OpenRefine versions 1.2.5 or earlier, you are affected by this vulnerability.
Upgrade OpenRefine to version 1.2.6 or later to remediate the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest a high probability of future exploitation.
Refer to the OpenRefine security advisory for detailed information and updates: [https://openrefine.org/security](https://openrefine.org/security)