pkg:maven/org.geoserver.web/gs-web-app
Type
maven
Namespace
org.geoserver.web
Name
gs-web-app
Known advisories, vulnerabilities and fixes for org.geoserver.web/gs-web-app package.
Critical
1
High
1
Moderate
3
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 2.23.6 >= 2.25.0, < 2.25.2 >= 2.24.0, < 2.24.4 |
CVE-2024-36401
|
 MAVEN:GHSA-6JJ6-GM7P-FCVV
|
Remote Code Execution (RCE) vulnerability in geoserver | critical |
2024-07-01T20:34:50
(2 months ago) |
|
| Fixed | = 2.23.6 = 2.25.2 = 2.24.4 |
CVE-2024-36401
|
MAVEN:GHSA-6JJ6-GM7P-FCVV
|
Remote Code Execution (RCE) vulnerability in geoserver | critical |
2024-07-01T20:34:50
(2 months ago) |
|
| Affected | < 1.6.1 |
CVE-2008-7227
|
MAVEN:GHSA-8HMH-MHQV-7638
|
PartialBufferOutputStream2 flush issues | moderate |
2022-05-17T05:51:58
(2 years ago) |
|
| Fixed | = 1.6.1 |
CVE-2008-7227
|
MAVEN:GHSA-8HMH-MHQV-7638
|
PartialBufferOutputStream2 flush issues | moderate |
2022-05-17T05:51:58
(2 years ago) |
|
| Affected | >= 2.23.0, < 2.23.2 |
CVE-2023-41339
|
MAVEN:GHSA-CQPC-X2C6-2GMF
|
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate |
2023-10-24T19:20:34
(10 months ago) |
|
| Fixed | = 2.23.2 |
CVE-2023-41339
|
MAVEN:GHSA-CQPC-X2C6-2GMF
|
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate |
2023-10-24T19:20:34
(10 months ago) |
|
| Affected | >= 2.25.0, < 2.25.1 >= 2.10.0, < 2.24.4 |
CVE-2024-34696
|
MAVEN:GHSA-J59V-VGCR-HXVF
|
GeoServer's Server Status shows sensitive environmental variables and Java properties | moderate |
2024-07-01T19:20:57
(2 months ago) |
|
| Fixed | = 2.25.1 = 2.24.4 |
CVE-2024-34696
|
MAVEN:GHSA-J59V-VGCR-HXVF
|
GeoServer's Server Status shows sensitive environmental variables and Java properties | moderate |
2024-07-01T19:20:57
(2 months ago) |
|
| Affected | >= 2.24.0, < 2.24.3 < 2.23.5 |
CVE-2024-24749
|
MAVEN:GHSA-JHQX-5V5G-MPF3
|
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | high |
2024-07-01T19:24:04
(2 months ago) |
|
| Fixed | = 2.24.3 = 2.23.5 |
CVE-2024-24749
|
MAVEN:GHSA-JHQX-5V5G-MPF3
|
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | high |
2024-07-01T19:24:04
(2 months ago) |