Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload
Vulnerability Description
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. Attackers can supply URLs pointing to internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services to cause the server to make requests to internal resources without SSRF mitigations such as private IP filtering or redirect validation.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
GeoNode 代码问题漏洞
Vulnerability Description
GeoNode是一个开源平台,可促进地理空间数据的创建、共享和协作使用。 GeoNode 4.4.5之前版本和5.0.2之前版本存在代码问题漏洞,该漏洞源于doc_url参数验证不足,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A