pkg:maven/org.geoserver/gs-wms
Type: maven
Namespace: org.geoserver
Name: gs-wms
Known advisories, vulnerabilities and fixes for org.geoserver/gs-wms package.
Critical: 2
Moderate: 3
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 2.20.0, < 2.20.4; >= 2.19.0, < 2.19.6; < 2.18.6 | | CVE-2023-35042 | MAVEN:GHSA-59X6-G4JR-4HXC | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language | critical | 2023-06-12T15:30:29 (15 months ago) |
Fixed | = 2.20.4; = 2.19.6; = 2.18.6 | | CVE-2023-35042 | MAVEN:GHSA-59X6-G4JR-4HXC | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language | critical | 2023-06-12T15:30:29 (15 months ago) |
Affected | < 2.23.6; >= 2.25.0, < 2.25.2; >= 2.24.0, < 2.24.4 | | CVE-2024-36401 | MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical | 2024-07-01T20:34:50 (2 months ago) |
Fixed | = 2.23.6; = 2.25.2; = 2.24.4 | | CVE-2024-36401 | MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical | 2024-07-01T20:34:50 (2 months ago) |
Affected | >= 2.23.0, < 2.23.2; < 2.22.5 | | CVE-2023-41339 | MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling `sld=<url>` parameter affords blind unauthenticated SSRF | moderate | 2023-10-24T19:20:34 (10 months ago) |
Fixed | = 2.23.2; = 2.22.5 | | CVE-2023-41339 | MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling `sld=<url>` parameter affords blind unauthenticated SSRF | moderate | 2023-10-24T19:20:34 (10 months ago) |
Affected | >= 2.24.0, < 2.24.1; < 2.23.3 | | CVE-2024-23818 | MAVEN:GHSA-FCPM-HCHJ-MH72 | GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:15:17 (6 months ago) |
Fixed | = 2.24.1; = 2.23.3 | | CVE-2024-23818 | MAVEN:GHSA-FCPM-HCHJ-MH72 | GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:15:17 (6 months ago) |
Affected | >= 2.24.0, < 2.24.1; < 2.23.4 | | CVE-2024-23642 | MAVEN:GHSA-FG9V-56HW-G525 | GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:08:29 (6 months ago) |
Fixed | = 2.24.1; = 2.23.4 | | CVE-2024-23642 | MAVEN:GHSA-FG9V-56HW-G525 | GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:08:29 (6 months ago) |