Maven package
org.geoserver/gs-main
pkg:maven/org.geoserver/gs-main
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34696 | — | | | >= 2.10.0, < 2.24.4 | 2.24.4 | Jul 1, 2024 | GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with a |
| CVE-2024-23640 | — | | | < 2.23.3 | 2.23.3 | Mar 20, 2024 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privil |
| CVE-2023-41877 | — | | | <= 2.23.4 | — | Mar 20, 2024 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for l |
| CVE-2021-40822 | — | | | <= 2.18.5 | — | May 1, 2022 | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. |
| CVE-2022-24847 | — | | | >= 2.20.0, < 2.20.4 | 2.20.4 | Apr 13, 2022 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code executio |
| CVE-2008-7227 | — | | | < 1.6.1 | 1.6.1 | Sep 14, 2009 | PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. |