High severity · NVD Advisory · Published Aug 24, 2023 · Updated Oct 2, 2024
Geonode Server Side Request Forgery vulnerability
CVE-2023-40017
Description
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| geonode (PyPI) | >= 3.2.0, < 4.2.0 | 4.2.0 |
Affected products
- GeoNode/geonode (v5), Range: >= 3.2.0, <= 4.1.2
References
- github.com/advisories/GHSA-rmxg-6qqf-x8mr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-40017 (ghsa, ADVISORY)
- github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9 (ghsa, x_refsource_MISC, WEB)
- github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr (ghsa, x_refsource_CONFIRM, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-269.yaml (ghsa, WEB)