Description
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
Remediation
References
https://github.com/OpenRefine/OpenRefine/issues/1927
Related Vulnerabilities
CVE-2023-36472 Vulnerability in npm package @strapi/utils
CVE-2021-43138 Vulnerability in maven package org.webjars.npm:async
CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2021-34078 Vulnerability in npm package lifion-verify-deps
CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron