VYPR

apk package

chainguard/geoserver-2.27-community

pkg:apk/chainguard/geoserver-2.27-community

Vulnerabilities (24)

  • CVE-2024-38828MedNov 18, 2024
    affected < 2.27.3-r0fixed 2.27.3-r0

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

  • CVE-2023-35042Jun 12, 2023
    affected < 2.27.3-r0fixed 2.27.3-r0

    GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in

  • CVE-2020-11971May 14, 2020
    affected < 2.27.5-r2fixed 2.27.5-r2

    Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

  • CVE-2016-1000027Jan 2, 2020
    affected < 0fixed 0

    Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO

Page 2 of 2