VYPR

apk package

chainguard/geoserver-2.28-docker

pkg:apk/chainguard/geoserver-2.28-docker

Vulnerabilities (4)

  • CVE-2025-68161 (Dec 18, 2025)
    affected < 2.28.1-r3; fixed 2.28.1-r3

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2024-38819, High (Dec 19, 2024)
    affected < 2.28.1-r1; fixed 2.28.1-r1

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the S

  • CVE-2024-38828, Medium (Nov 18, 2024)
    affected < 2.28.1-r1; fixed 2.28.1-r1

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

  • CVE-2023-35042 (Jun 12, 2023)
    affected < 2.28.0-r0; fixed 2.28.0-r0

    GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in