The vulnerability of the GeoWebCache ByteStreamController component in the software for administrative and publishing of geospatial data on the OSGeo GeoServer server allows a perpetrator to circumvent existing security restrictions.

The vulnerability of the GeoWebCache ByteStreamController component in the software for administrative and publishing of geospatial data on the OSGeo GeoServer server is related to an incorrect limitation on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious...

GeoServer Security Vulnerabilities

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from the fact that if GeoServer is deployed in a Windows operating system using the Apache Tomcat web...

PT-2024-5226 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.3 Description: The issue is related to the GeoWebCache ByteStreamController class, where it is possible to bypass existing input validation and read arbitrary classpath resources with specific file...