5 matches found
EUVD-2021-15078
Malware in sbrugna...
CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
CVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
Command injection
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
CVE-2021-28398
GeoNetwork vulnerable in versions before 3.12.0 and 4.x before 4.0.4 due to the directory harvester before-script executing arbitrary OS commands via LocalFilesystemHarvester.runBeforeScript. Earliest affected: 3.4.0. Impact: remote command execution with high privileges; requires User Administra...