pkg:maven/org.geoserver.web/gs-web-app
Type
maven
Namespace
org.geoserver.web
Name
gs-web-app
Known advisories, vulnerabilities and fixes for org.geoserver.web/gs-web-app package.
Critical
1
High
1
Moderate
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 2.23.6 >= 2.25.0, < 2.25.2 >= 2.24.0, < 2.24.4 |
CVE-2024-36401
|
MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical |
2024-07-01T20:34:50
(2 months ago) |
|
Fixed | = 2.23.6 = 2.25.2 = 2.24.4 |
CVE-2024-36401
|
MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical |
2024-07-01T20:34:50
(2 months ago) |
|
Affected | < 1.6.1 |
CVE-2008-7227
|
MAVEN:GHSA-8HMH-MHQV-7638 | PartialBufferOutputStream2 flush issues | moderate |
2022-05-17T05:51:58
(2 years ago) |
|
Fixed | = 1.6.1 |
CVE-2008-7227
|
MAVEN:GHSA-8HMH-MHQV-7638 | PartialBufferOutputStream2 flush issues | moderate |
2022-05-17T05:51:58
(2 years ago) |
|
Affected | >= 2.23.0, < 2.23.2 |
CVE-2023-41339
|
MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate |
2023-10-24T19:20:34
(10 months ago) |
|
Fixed | = 2.23.2 |
CVE-2023-41339
|
MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate |
2023-10-24T19:20:34
(10 months ago) |
|
Affected | >= 2.25.0, < 2.25.1 >= 2.10.0, < 2.24.4 |
CVE-2024-34696
|
MAVEN:GHSA-J59V-VGCR-HXVF | GeoServer's Server Status shows sensitive environmental variables and Java properties | moderate |
2024-07-01T19:20:57
(2 months ago) |
|
Fixed | = 2.25.1 = 2.24.4 |
CVE-2024-34696
|
MAVEN:GHSA-J59V-VGCR-HXVF | GeoServer's Server Status shows sensitive environmental variables and Java properties | moderate |
2024-07-01T19:20:57
(2 months ago) |
|
Affected | >= 2.24.0, < 2.24.3 < 2.23.5 |
CVE-2024-24749
|
MAVEN:GHSA-JHQX-5V5G-MPF3 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | high |
2024-07-01T19:24:04
(2 months ago) |
|
Fixed | = 2.24.3 = 2.23.5 |
CVE-2024-24749
|
MAVEN:GHSA-JHQX-5V5G-MPF3 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | high |
2024-07-01T19:24:04
(2 months ago) |