
CVSS: 10.0 • EPSS: 95% • CPEs: 6 • EXPL: 22

01 Jul 2024 — GeoServer is an open source server that allows users to share and edit geospatial data. ... A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed. ... • https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Sep 2023 — The bypass tricks the application into treating the first host as a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, which returns the data to that host in the response. • https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Feb 2023 — GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. • https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0 • EPSS: 54% • CPEs: 5 • EXPL: 6

21 Feb 2023 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. • https://github.com/dr-cable-tv/Geoserver-CVE-2023-25157 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5 • EPSS: 77% • CPEs: 2 • EXPL: 1

01 May 2022 — GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. • https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3 • CWE-918: Server-Side Request Forgery (SSRF) •