3 matches found
CVE-2026-42351
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories...
pygeoapi 路径遍历漏洞
pygeoapi is a geospatial data API server developed by Geopython. In versions 0.23.0 to 0.23.3 of pygeoapi, there was a path traversal vulnerability. This vulnerability originated from a raw string concatenation vulnerability in the STAC FileSystemProvider plugin, which could lead to the exposure ...
GHSA-F6PR-83PG-GHH6 pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
Impact A raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would...