86 matches found
EUVD-2026-21581
GeoNode contains a server-side request forgery vulnerability in the service registration endpoint...
GHSA-HW9R-6M78-W6H3 GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
Server-side Request Forgery (SSRF)
Overview geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the service registration endpoint. An attacker can access internal network resources and sensitive endpoints by submitting crafted...
GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39922
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39921
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...
GHSA-V8F7-CG9P-W5JX Duplicate Advisory: GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw9r-6m78-w6h3. This link is maintained to preserve external references. Original Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the...
Duplicate Advisory: GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw9r-6m78-w6h3. This link is maintained to preserve external references. Original Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the...
PYSEC-2026-61
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
PYSEC-2026-61
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39922
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39922 GeoNode SSRF via Service Registration
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39922
CVE-2026-39922 affects GeoNode 4.x (pre-4.4.5) and 5.x (pre-5.0.2). The issue is a server-side request forgery in the service registration endpoint, allowing authenticated attackers to submit crafted service URLs to trigger outbound requests to arbitrary URLs via the WMS service handler, bypassin...
CVE-2026-39921 GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...
CVE-2026-39921
Technical details about CVE-2026-39921 (affected GeoNode versions, exact exploit steps, and remediation specifics) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2026-39921 GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...
PT-2026-32034
Name of the Vulnerable Software and Affected Versions GeoNode versions 4.0 through 4.4.5 and 5.0 through 5.0.2 Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 are affected by a server-side request forgery issue in the service registration endpoint. Authenticated attackers can...
GeoNode 代码问题漏洞
GeoNode is an open-source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Versions of GeoNode prior to 4.4.5 and 5.0.2 have code vulnerabilities due to insufficient validation of the docurl parameter, which may lead to server-side request forgeing attack...
GeoNode 代码问题漏洞
GeoNode is an open-source platform developed by GeoNode, designed to facilitate the creation, sharing, and collaborative use of geospatial data. Versions of GeoNode prior to 4.4.5 and 5.0.2 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of service...
CVE-2023-40017
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...