apk package
chainguard/geoserver-2.28-community
pkg:apk/chainguard/geoserver-2.28-community
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38828 | Med | 5.3 | < 2.28.1-r1 | 2.28.1-r1 | Nov 18, 2024 | Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | |
| CVE-2023-35042 | — | < 2.28.0-r0 | 2.28.0-r0 | Jun 12, 2023 | GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in | ||
| CVE-2020-11971 | — | < 2.28.2-r3 | 2.28.2-r3 | May 14, 2020 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | ||
| CVE-2016-1000027 | — | < 0 | 0 | Jan 2, 2020 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO |
- affected < 2.28.1-r1fixed 2.28.1-r1
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
- CVE-2023-35042Jun 12, 2023affected < 2.28.0-r0fixed 2.28.0-r0
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in
- CVE-2020-11971May 14, 2020affected < 2.28.2-r3fixed 2.28.2-r3
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
- CVE-2016-1000027Jan 2, 2020affected < 0fixed 0
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO
Page 2 of 2