Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GeoNetwork 操作系统命令注入漏洞
Vulnerability Description
GeoNetwork是GeoNetwork开源的一个目录应用程序。用于管理空间参考资源。 GeoNetwork 3.12.0 之前版本和 4.x系列 4.0.4之前版本存在安全漏洞,攻击者利用该漏洞可以使用目录收集器 before-script 在托管基础设施上远程执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A