None severity0.0NVD Advisory· Published Feb 11, 2025· Updated Apr 17, 2026
CVE-2024-32037
CVE-2024-32037
Description
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.geonetwork-opensource:gn-servicesMaven | >= 4.4.0, < 4.4.5 | 4.4.5 |
org.geonetwork-opensource:gn-servicesMaven | < 4.2.10 | 4.2.10 |
Affected products
1Patches
2680b48cd1567d9f211c94a08Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-52rf-25hq-5m33ghsaADVISORY
- github.com/geonetwork/core-geonetwork/security/advisories/GHSA-52rf-25hq-5m33nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-32037ghsaADVISORY
- docs.geonetwork-opensource.org/4.4/api/searchnvdProductWEB
- github.com/geonetwork/core-geonetwork/releases/tag/4.2.10nvdRelease NotesWEB
- github.com/geonetwork/core-geonetwork/releases/tag/4.4.5nvdRelease NotesWEB
- www.cve.org/CVERecordghsaWEB
News mentions
0No linked articles in our index yet.