Maven package
org.geoserver/gs-rest
pkg:maven/org.geoserver/gs-rest
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27505 | — | >= 2.26.0, < 2.26.3 | 2.26.3 | Jun 10, 2025 | GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST | ||
| CVE-2024-40625 | — | < 2.26.0 | 2.26.0 | Jun 10, 2025 | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restri |
- CVE-2025-27505Jun 10, 2025affected >= 2.26.0, < 2.26.3fixed 2.26.3
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST
- CVE-2024-40625Jun 10, 2025affected < 2.26.0fixed 2.26.0
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restri