Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GeoNode SSRF via Service Registration
Vulnerability Description
GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
GeoNode 代码问题漏洞
Vulnerability Description
GeoNode是GeoNode开源的一个开源平台,可促进地理空间数据的创建、共享和协作使用。 GeoNode 4.4.5之前版本和5.0.2之前版本存在代码问题漏洞,该漏洞源于服务注册端点URL验证不足,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A