GeoServer 代码问题漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from improper handling of XML external entities, which could lead to information disclosure...

GeoServer 代码问题漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from the Coverage rest api not restricting the URL for uploading files, which could lead to an attacker...

GeoServer 安全漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from a REST API security bypass that could lead to information disclosure...

PT-2025-24660 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.24.4 GeoServer versions prior to 2.25.2 Description: The issue allows for Service Side Request Forgery SSRF via the Demo request endpoint if the Proxy Base URL has not been set. This can be used by an...

PT-2025-24661 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.0 Description: An improper URI validation vulnerability exists in GeoServer, enabling an unauthorized attacker to perform XML External Entities XEE attacks and send GET requests to any HTTP server. By default,...

GeoServer 信息泄露漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. An information disclosure vulnerability exists in GeoServer that stems from not hiding potentially sensitive information, which could lead to disclosure of storage...

PT-2025-24672 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.7 GeoServer versions prior to 2.26.3 GeoServer versions prior to 2.27.0 Description: The issue allows malicious Jiffle scripts to be executed, potentially triggering a denial of service through an infinite loo...

GeoServer 代码问题漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer, which originates from a server-side request forgery that can be achieved through the Demo request endpoint when the...

PT-2025-24662 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.6 GeoServer versions prior to 2.26.2 Description: The GeoWebCache home page includes version and revision information about the software in use, which is sensitive from a security point of view as it allows th...

PT-2025-24671 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.6 GeoServer versions prior to 2.26.3 Description: The issue allows bypassing the default REST API security, enabling access to the index page. This is possible because the REST API security does not handle...

PT-2025-24673

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.27.1 GeoServer versions prior to 2.26.3 GeoServer versions prior to 2.25.7 GeoTools versions prior to 33.1 GeoTools versions prior to 32.3 GeoTools versions prior to 31.7 GeoTools versions prior to 28.6.1 GeoNetwo...

CVE-2024-23643

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23821

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-34696

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-23819

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23640

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23642

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

CVE-2024-35230

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...