11 matches found
CVE-2026-42352
pygeoapi is vulnerable to SSRF via the OGC API - Process execution path in versions 0.23.0 up to 0.23.3. The issue arises from the subscriber object enabling requests to internal HTTP services. It has been patched in version 0.23.3. Affected releases include 0.23.0–0.23.2, with fixes in 0.23.3. M...
pygeoapi code issue vulnerability
pygeoapi is a geospatial data API server developed by geopython. Versions 0.23.0 to 0.23.3 of pygeoapi contain a code issue vulnerability. It stems from the OGC API - Processes execution path being able to use subscriber objects to access internal HTTP services during requests...
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
Impact: OGC API - Process execution requests can use the subscriber object to make requests to internal HTTP services. Patches: The issue has been patched in the master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by default unless...
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...
The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, allows a perpetrator to execute arbitrary code.
The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...
Debian DSA-5426-1 : owslib - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5426 advisory. - OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML...
CVE-2023-27476
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser, which supports both lxml and xml.etree, does not disable entity resolution, and could lead to arbitrary file reads from an...
OWSLib code issue vulnerability
OWSLib is a Python package for client-side programming using the Open Geospatial Consortium (OGC) Web Services (hence the name OWS) interface standards and their associated content models. A code issue vulnerability exists in versions of OWSLib prior to 0.28.1 that stems from an XML parser that does not...
PyWPS code issue vulnerability
PyWPS is an implementation of the Web Processing Service standard of the Open Geospatial Consortium (OGC) standards organization. PyWPS is written in Python. A code issue vulnerability exists in PyWPS versions prior to 4.5.0 that stems from XML External Entity (XXE) injection in the software. This...
VulnCheck KEV: CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols...
DEBIAN-CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support...