{"id":"CVE-2022-41401","details":"OpenRefine \u003c= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.","aliases":["GHSA-q7mc-fc87-v7w7"],"modified":"2026-04-10T04:51:19.951443Z","published":"2023-08-04T17:15:09.583Z","references":[{"type":"ADVISORY","url":"https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180"},{"type":"ADVISORY","url":"https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103"},{"type":"EVIDENCE","url":"https://github.com/ixSly/CVE-2022-41401"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openrefine/openrefine","events":[{"introduced":"0"},{"last_affected":"e3efd4ec270bfa07a2575efa6ece11b6e269d105"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5.2"}]}}],"versions":["2.6-beta.1","2.6-rc.2","2.7","2.7-rc.1","2.7-rc.2","2.8","3.0","3.0-beta","3.0-rc.1","3.1","3.1-beta","3.2","3.2-beta","3.3","3.3-beta","3.3-rc1","3.4-beta","3.5-beta1","3.5-beta2","3.5.0","3.5.1","3.5.2","v2.6-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41401.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}