CVE-2021-28398
GeoNetwork vulnerable in versions before 3.12.0 and 4.x before 4.0.4 due to the directory harvester before-script executing arbitrary OS commands via LocalFilesystemHarvester.runBeforeScript. Earliest affected: 3.4.0. Impact: remote command execution with high privileges; requires User Administra...