Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

Remediation

References

https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Related Vulnerabilities

CVE-2016-8750 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules

CVE-2023-39156 Vulnerability in maven package org.jenkins-ci.plugins:bazaar

CVE-2016-3723 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-28655 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2018-1000055 Vulnerability in maven package org.jvnet.hudson.plugins:android-lint

Severity

Critical

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mitigation Vendor Advisory