86 matches found
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26043
CVE-2023-26043 is an XXE injection in GeoNode’s GeoServer style upload pathway that can lead to an authenticated Arbitrary File Read. The vulnerability stems from the server-side parsing of user-supplied SLD files (style uploads) without proper entity resolution, enabling an attacker to read file...
GeoServer 代码问题漏洞
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoNode versions prior to 4.0.3, which stems from the presence of an XML External Entity XXE injection vulnerability that can be exploited by an...
celery-smartbase (>=0.3.1 <=0.3.3), doccano (>=1.6.0 <=1.8.0) +5 more potentially affected by CVE-2020-17495 via django-celery-results (>=2.2.0 <=2.3.1)
django-celery-results PYPI version =2.2.0, =0.3.1, =1.6.0, =3.3.3, =1.3.4.7, =1.0.3, =3.6.0, =3.7.3 - vmcenter =1.2.0rc3 Source cves: CVE-2020-17495 Source advisory: OSV:GHSA-FVX8-V524-8579...