4 matches found
EUVD-2025-17687
Malicious code in bioql PyPI...
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
Summary Missing checks allow for SSRF to specific targets using the TestWfsPost enpoint. Mitigation To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request.thomsmith...
CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...
CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...