VYPR

PyPI package

geonode

pkg:pypi/geonode

Vulnerabilities (3)

  • CVE-2023-42439 (Sep 15, 2023)
    affected: >= 3.2.0, < 4.1.3.post1; fixed: 4.1.3.post1

    GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. An SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full r

  • CVE-2023-40017 (Aug 24, 2023)
    affected: >= 3.2.0, < 4.2.0; fixed: 4.2.0

    GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan in

  • CVE-2023-26043 (Feb 27, 2023)
    affected: < 4.0.3; fixed: 4.0.3

    GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been