Summary
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Usage of the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server.
Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs.
Details
The parseJSON function (edu/mit/simile/butterfly/Butterfly.js:64) works by calling eval, an approach that goes back to the original library by Crockford, before JSON was part of the ECMAScript language. It uses a regular expression to remove strings from the input, then checks that there are no unexpected characters in the non-string remainder.
However, the regex is imperfect, as was discovered earlier by Mike Samuel; specifically, the "cleaner" can be tricked into treating part of the input as a string that the "evaluator" does not, because of a difference in interpretation regarding the the Unicode zero-width joiner character. Representing that character with a visible symbol, a malicious input looks like:
"\�\", Packages.java.lang.Runtime.getRuntime().exec('gnome-calculator')) // "
This is understood...
- by
JSON_cleaning_REas a single string, and because it is a string it can be collapsed to nothing, which is not problematic, so the original input proceeds toeval. - by the
evalfunction, which ignores zero-width joiners entirely, as a string containing a single escaped backslash, followed by a comma, then a function call, closing parenthesis, and finally a line comment.
The function call is evaluated, and a calculator is opened.
Possible mitigations and additional defenses could include:
- Replacing the JSON implementation with Rhino's built-in implementation.
- Dropping all JSON-related and JSONP-related code entirely.
- Restricting the access the JavaScript controller code has to the rest of the system by using
initSafeStandardObjectsinstead ofinitStandardObjects, usingsetClassShutter, and so on.
PoC
Change OpenRefine core controller.js to add a call to the vulnerable getJSON function:
diff --git a/main/webapp/modules/core/MOD-INF/controller.js b/main/webapp/modules/core/MOD-INF/controller.js
index 4ceba0676..1ce0936d2 100644
--- a/main/webapp/modules/core/MOD-INF/controller.js
+++ b/main/webapp/modules/core/MOD-INF/controller.js
@@ -631,0 +632,5 @@ function process(path, request, response) {
+ if (path == "getjsontest") {
+ butterfly.getJSON(request);
+ return true;
+ }
+
Then, restart OpenRefine and submit the malicious request. For example, the following bash command (with $' quoting) should do it:
curl -H 'Content-Type: application/json;charset=utf-8' --data $'"\\\u200d\\", Packages.java.lang.Runtime.getRuntime().exec(\'gnome-calculator\')) // "' http://localhost:3333/getjsontest
Impact
Any JavaScript controller that calls one of these functions is vulnerable to remote code execution.
OpenRefine itself seems unaffected; both OpenRefine and jQuery have their own functions also called parseJSON and getJSON, but those are unrelated.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is GHSA-MPCW-3J5P-P99X? GHSA-MPCW-3J5P-P99X is a medium-severity security vulnerability in org.openrefine.dependencies:butterfly (maven), affecting versions < 1.2.6. It is fixed in 1.2.6.
- Which versions of org.openrefine.dependencies:butterfly are affected by GHSA-MPCW-3J5P-P99X? org.openrefine.dependencies:butterfly (maven) versions < 1.2.6 is affected.
- Is there a fix for GHSA-MPCW-3J5P-P99X? Yes. GHSA-MPCW-3J5P-P99X is fixed in 1.2.6. Upgrade to this version or later.
- Is GHSA-MPCW-3J5P-P99X exploitable, and should I be worried? Whether GHSA-MPCW-3J5P-P99X is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether GHSA-MPCW-3J5P-P99X is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-MPCW-3J5P-P99X? Upgrade
org.openrefine.dependencies:butterflyto 1.2.6 or later.