VYPR
High severityNVD Advisory· Published Oct 24, 2023· Updated Sep 17, 2024

WPS Server Side Request Forgery in GeoServer

CVE-2023-43795

Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.geoserver.extension:gs-wps-coreMaven
< 2.22.52.22.5
org.geoserver.extension:gs-wps-coreMaven
>= 2.23.0, < 2.23.22.23.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.