18 matches found
CVE-2026-27818
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
GHSA-W789-49FC-V8HR TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
Impact: A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed (correct) - ✅...
EUVD-2026-8783
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist...
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
Impact: A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed (correct) - ✅...
Server-side Request Forgery (SSRF)
Overview: terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site such as National Map with a few additional useful services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation in the...
rer3d-map (>=1.5.1 <=1.8.0), terriajs-map (=0.0.1) potentially affected by CVE-2026-27818 via terriajs-server (=2.9.2)
terriajs-server NPM version =2.9.2 is affected by a known vulnerability. The following packages have a transitive dependency on terriajs-server and may be impacted: - rer3d-map >=1.5.1, <=1.8.0 - terriajs-map =0.0.1 Source CVEs: CVE-2026-27818 Source advisory: OSV:GHSA-W789-49FC-V8HR...
CVE-2026-27818
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
CVE-2026-27818
TerriaJS-Server (Node.js Express) has a validation bug in versions prior to 4.0.3 that allows proxying of domains not explicitly allowed in the proxyableDomains allowlist. The issue is fixed in version 4.0.3. Impact is that unapproved domains could be proxied; explicit exploit details or in‑the‑w...
CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
CVE-2026-27818
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
PT-2026-22060
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
terriajs-server code issue vulnerability
terriajs-server is a NodeJS Express server developed by Terria. Versions of terriajs-server prior to 4.0.3 contained code vulnerabilities due to validation errors, which could allow unauthorized domains to be accessed through the proxy...
GHSA-P72P-RJR2-R439 Server-Side Request Forgery in terriajs-server
Versions of terriajs-server prior to 2.7.4 are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server whitelisted by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the attacker can...
Server-Side Request Forgery in terriajs-server
Versions of terriajs-server prior to 2.7.4 are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server whitelisted by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the attacker can...
Server-Side Request Forgery (SSRF)
terriajs-server is vulnerable to server-side request forgery (SSRF). An attacker is able to use the terriajs-server proxy to access any resource, including private resources in the hosting environment, which is accessible from the server, on the condition that the attacker has access to a server th...
Server-Side Request Forgery
Overview: Versions of terriajs-server prior to 2.7.4 are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server allowed by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain allowed by the terriajs-server proxy, the attacker can...