49 matches found
CVE-2024-41118
The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...
streamlit-geospatial 代码问题漏洞
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/7? The url variable in WebMapService.py accepts user input that is passed to the getlayers...
PT-2024-29274 · Pypi · Streamlit-Geospatial
Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue allows for blind server-side request forgery due to the url variable taking user input, which is then used by the get wms layer meth...
CVE-2023-52104
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-37241
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart...
GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
CVE-2023-25157
CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...
CVE-2022-23158
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server...
VulnCheck KEV: CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols...