CVE-2024-29198

High CVSS: 7.5

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.

Vendor

Osgeo

Product

Geoserver

CWE

CWE-918

Yayın Tarihi

2025-06-10 15:15:22

Güncelleme

2025-08-26 16:25:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Geoserver HIGH Osgeo 2025

Referanslar

https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw https://osgeo-org.atlassian.net/browse/GEOS-11390 https://osgeo-org.atlassian.net/browse/GEOS-11794

Benzer Kayıtlar

Medium

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a h…

High

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to re…

High

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive Property…

High

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be…

Medium

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspace…

Medium

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the def…