Maven package
org.geoserver/gs-gwc
pkg:maven/org.geoserver/gs-gwc
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38524 | — | | | >= 2.26.0, < 2.26.2 | 2.26.2 | Jun 10, 2025 | GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system prop |
| CVE-2024-24749 | — | | | < 2.23.5 | 2.23.5 | Jul 1, 2024 | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation |
| CVE-2024-23821 | — | | | >= 2.24.0, < 2.24.1 | 2.24.1 | Mar 20, 2024 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privil |