{"vulnerability": "cve-2024-4788", "sightings": [{"uuid": "e7b7e62d-054a-48f7-a7fa-c95f8cbe861a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47886", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg3tjoz2xl2n", "content": "", "creation_timestamp": "2026-03-02T18:01:13.278893Z"}, {"uuid": "14bccee4-312a-4147-8d91-05325123f38f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47884", "type": "seen", "source": "https://t.me/cvedetector/7745", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47884 - Firefox File Permission Disclosure in Foxmarks\", \n  \"Content\": \"CVE ID : CVE-2024-47884 \nPublished : Oct. 11, 2024, 8:15 p.m. | 32\u00a0minutes ago \nDescription : foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T22:55:00.000000Z"}, {"uuid": "021dc43c-3a07-4589-8697-e346a731bd76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47888", "type": "seen", "source": "https://t.me/cvedetector/8123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47888 - Rails ReDoS Vulnerability in Action Text helper\", \n  \"Content\": \"CVE ID : CVE-2024-47888 \nPublished : Oct. 16, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T23:55:15.000000Z"}, {"uuid": "0073003e-901b-4955-8753-38accfecec18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47883", "type": "seen", "source": "https://t.me/cvedetector/8857", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47883 - Apache Simile Butterfly File System Access and Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47883 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: \"opening a connection\" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:33.000000Z"}, {"uuid": "2081b217-4017-49d2-81b4-89ddfce1d642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47882", "type": "seen", "source": "https://t.me/cvedetector/8856", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47882 - OpenRefine HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47882 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in \"Something went wrong!\" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this code in OpenRefine itself is for an attacker to somehow convince a victim to import a malicious file, which may be difficult.  However, out-of-tree extensions may add their own calls to `respondWithErrorPage`. Version 3.8.3 has a fix for this issue. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:33.000000Z"}, {"uuid": "275d7819-95c0-4c42-bca1-00eab1efd0a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47881", "type": "seen", "source": "https://t.me/cvedetector/8862", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47881 - OpenRefine SQLite Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47881 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the \"enable_load_extension\" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:40.000000Z"}, {"uuid": "4784d70d-2bea-45ce-922f-6173ec032851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47880", "type": "seen", "source": "https://t.me/cvedetector/8861", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47880 - OpenRefine Remote Code Execution via `export-rows` Command\", \n  \"Content\": \"CVE ID : CVE-2024-47880 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains  embedded JavaScript code. This code would then be included in the response, along with an attacker-controlled `Content-Type` header, and so potentially executed in the victim's browser as if it was part of OpenRefine. The attacker-provided code can do anything the user can do, including deleting projects, retrieving database passwords, or executing arbitrary Jython or Closure expressions, if those extensions are also present. The attacker must know a valid project ID of a project that contains at least one row. Version 3.8.3 fixes the issue. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:39.000000Z"}, {"uuid": "fc8fcd3d-1916-4ced-9b94-9b6a211ae7d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47885", "type": "seen", "source": "https://t.me/cvedetector/7859", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47885 - Astro DOM Clobbering Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47885 \nPublished : Oct. 14, 2024, 7:15 p.m. | 21\u00a0minutes ago \nDescription : The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. This vulnerability can result in cross-site scripting (XSS) attacks on websites that built with Astro that enable the client-side routing with `ViewTransitions` and store the user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page. Version 4.16.1 contains a patch for this issue. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T21:42:09.000000Z"}, {"uuid": "d895fce7-c3d9-4f9d-9eca-007ac3a6eb71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47887", "type": "seen", "source": "https://t.me/cvedetector/8122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47887 - Rails Action Pack HTTP Token Authentication ReDoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47887 \nPublished : Oct. 16, 2024, 8:15 p.m. | 35\u00a0minutes ago \nDescription : Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T23:05:06.000000Z"}, {"uuid": "e86cbbf6-71f3-4c2b-a3d0-068592cbbb71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47889", "type": "seen", "source": "https://t.me/cvedetector/8125", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47889 - Rails Block Format Redos Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47889 \nPublished : Oct. 16, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T23:55:16.000000Z"}, {"uuid": "2b5558ea-ae41-4205-b625-8280b0a2c7b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47882", "type": "published-proof-of-concept", "source": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-j8hp-f2mj-586g", "content": "", "creation_timestamp": "2024-10-24T06:11:21.000000Z"}, {"uuid": "39ae67dc-0e93-4b0a-857e-261b41f751a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47881", "type": "published-proof-of-concept", "source": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8", "content": "", "creation_timestamp": "2024-10-24T06:10:11.000000Z"}, {"uuid": "55726eba-2f11-4155-a68f-b4a237b59fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47880", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-79jv-5226-783f", "content": "", "creation_timestamp": "2024-10-24T18:00:06.000000Z"}, {"uuid": "c30e247d-95f4-4be8-b5ba-a0145ed46ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47883", "type": "published-proof-of-concept", "source": "https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8", "content": "", "creation_timestamp": "2024-10-24T04:46:36.000000Z"}]}