SonarCloud discovered a critical Zip Slip vulnerability in OpenRefine that can be exploited by tricking a user into importing a malicious project file, allowing an attacker to execute arbitrary code on the user's machine. The vulnerability was fixed in version 3.7.4. SonarCloud provides valuable guidance on how to mitigate this kind of vulnerability and avoid common pitfalls. The root cause is inadequate path validation when extracting archives: an archive entry whose name contains path traversal segments can overwrite existing files or place files in unintended locations. OpenRefine's auto-reload feature then lets an attacker turn such a file write into arbitrary code execution. The fix must ensure that every file is extracted under the intended base folder; resolving each entry with the `toPath` method and checking the result against that base folder effectively prevents files from being written outside it. SonarCloud helps developers detect and fix security vulnerabilities such as this one, providing comprehensive information for each raised issue.
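The path check described above, as an added Java example that is not OpenRefine's own code: each entry name is resolved against the base directory as a `java.nio.file.Path`, normalized, and rejected if the result no longer starts with that directory, before any byte is written. The class name, the `/tmp/openrefine-import` base directory and the entry names in `main` are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

public final class SafeUnzip {

    /** Resolve an entry name against the base directory and reject anything that
     *  normalizes to a location outside it (the Zip Slip pattern). */
    static Path resolveEntry(Path baseDir, String entryName) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() discards base for absolute names; normalize() collapses ".." segments
        Path target = base.resolve(entryName).normalize();
        // Path.startsWith compares whole components, so "/out" never matches "/outside"
        if (!target.startsWith(base)) {
            throw new IOException("zip entry escapes base directory: " + entryName);
        }
        return target;
    }

    /** Extracts an archive, validating every entry before anything is written. */
    static void extract(InputStream in, Path baseDir) throws IOException {
        Files.createDirectories(baseDir);
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e = zis.getNextEntry(); e != null; e = zis.getNextEntry()) {
                Path target = resolveEntry(baseDir, e.getName());
                if (e.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path base = Path.of("/tmp/openrefine-import"); // assumed base directory
        System.out.println(resolveEntry(base, "project/metadata.json")); // accepted
        try {
            resolveEntry(base, "../../escaped.txt"); // constructed traversal entry name
        } catch (IOException rejected) {
            System.out.println("rejected: " + rejected.getMessage());
        }
    }
}
```

Checking a `File` name with `String.startsWith` on the raw entry name is the common pitfall this replaces; only the normalized `Path` comparison catches `..` segments and absolute entry names.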