VYPR

Core Geonetwork

by Geonetwork

Source repositories

CVEs (2)

  • CVE-2021-28398HigSep 5, 2022
    risk 0.47cvss 7.2epss 0.01

    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in…

  • CVE-2022-50899Jan 13, 2026
    risk 0.00cvss epss 0.00

    Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to…