PyPI package
geonode
pkg:pypi/geonode
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-42439 | — | | | >= 3.2.0, < 4.1.3.post1 | 4.1.3.post1 | Sep 15, 2023 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full r |
| CVE-2023-40017 | — | | | >= 3.2.0, < 4.2.0 | 4.2.0 | Aug 24, 2023 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan in |
| CVE-2023-26043 | — | | | < 4.0.3 | 4.0.3 | Feb 27, 2023 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been |