From: Markus Koschany <apo@debian.org>
Date: Sat, 27 Sep 2025 16:40:21 +0200
Subject: CVE-2024-47882
Bug-Debian: https://bugs.debian.org/1086041
Origin: https://github.com/OpenRefine/OpenRefine/commit/b0d5dd0a6a40369593f4a6b593e3e0ffa213339e
---
main/src/com/google/refine/commands/HttpUtilities.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/main/src/com/google/refine/commands/HttpUtilities.java b/main/src/com/google/refine/commands/HttpUtilities.java
index defea78..faa64cc 100644
--- a/main/src/com/google/refine/commands/HttpUtilities.java
+++ b/main/src/com/google/refine/commands/HttpUtilities.java
@@ -41,6 +41,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.JsonGenerator;
+import com.google.common.escape.Escaper;
+import com.google.common.html.HtmlEscapers;
import com.google.refine.RefineServlet;
import com.google.refine.util.ParsingUtilities;
@@ -171,7 +173,8 @@ abstract public class HttpUtilities {
e.printStackTrace(new PrintWriter(writer));
- context.put("stack", writer.toString());
+ Escaper escaper = HtmlEscapers.htmlEscaper();
+ context.put("stack", escaper.escape(writer.toString()));
} else {
context.put("stack", "");
}
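Review bot: The escaping added at `context.put("stack", escaper.escape(writer.toString()))` covers only the `stack` entry, and nothing at the call site says why it is needed or which output context it is valid for. A stack trace includes exception messages, which can echo request-supplied text, so I would add a comment such as `// stack trace may carry request-derived text; escape for HTML text / quoted-attribute context before it reaches the template`. The enclosing method starts and ends outside this hunk, so any other values put into the same context there (an error message, for example) are not visible here and should be checked for the same treatment. Separately, it is worth deciding whether the full trace needs to be rendered to the client at all rather than only logged server-side.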