CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

CVE-2024-40625

GeoServer's CVE-2024-40625 affects the Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} where {method} = 'url' can upload arbitrary URLs without validation, enabling Server Side Request Forgery. The issue is tied to unfiltered file URL input and ...

GHSA-R4HF-R8GJ-JGW2 Coverage REST API Server Side Request Forgery

Summary The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file with a specified url with method equals 'url' with no restrict. Details The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file...

Coverage REST API Server Side Request Forgery

Summary The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file with a specified url with method equals 'url' with no restrict. Details The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file...

PT-2025-24663 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.26.0 Description: The issue concerns the Coverage REST API, specifically the endpoint "/workspaces/workspaceName/coveragestores/storeName/method.format", which allows attackers to upload files with a specified UR...