Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML External Entity (XXE) injection in GeoServer style upload functionality
Vulnerability Description
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
GeoServer 代码问题漏洞
Vulnerability Description
GeoServer是一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoNode 4.0.3之前版本存在安全漏洞,该漏洞源于存在XML外部实体(XXE)注入漏洞,攻击者利用该漏洞可以读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A