CVE-2024-40625

Medium CVSS: 5.5

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.

Vendor

Osgeo

Product

Geoserver

CWE

CWE-918

Yayın Tarihi

2025-06-10 15:15:23

Güncelleme

2025-08-26 16:22:20

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Geoserver MEDIUM Osgeo 2025

Referanslar

https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2 https://osgeo-org.atlassian.net/browse/GEOS-11468 https://osgeo-org.atlassian.net/browse/GEOS-11717

Benzer Kayıtlar

Medium

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a h…

High

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to re…

High

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive Property…

High

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be…

Medium

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the def…

High

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It poss…