4 matches found
EUVD-2025-17814
Malicious code in bioql PyPI...
GHSA-68CF-J696-WVV9 GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
Summary: Missing checks allow for SSRF to specific targets using the TestWfsPost endpoint. Mitigation: To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request. thomsmith...
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
Summary: It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Details: An unauthenticated user can supply a request that will be issued by the server. This can be used to enumerate internal networks and also in the case of cloud...