Summary: The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.Published: Friday, December 14, 2018 - 19:29cvss: