3 matches found
EUVD-2023-32130
Malicious code in bioql PyPI...
GHSA-H86G-X8MM-78M5 GeoServer Missing Authorization on REST API Index
Summary It is possible to bypass the default REST API security and access the index page. Details The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. Impact The REST API index can disclose whether certain extensions are installed. Workaround In...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...