CVE-2018-19859

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

Published : 2018-12-05 11:29 Updated : 2019-03-25 22:29

4.0
CVSS Score More info
Score 4.0 / 10
4.0

CPE

There is no CPE for this CVE.

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2019-03-25 22:29
2018-12-26 22:01
2018-12-05 11:29

New CVE