pkg:maven/org.geoserver/gs-wms

Type maven
Namespace org.geoserver
Name gs-wms

Known advisories, vulnerabilities and fixes for org.geoserver/gs-wms package.

Repository
https://mvnrepository.com/artifact/org.geoserver/gs-wms
Critical 2
Moderate 3
| Type | Version | CVEs | Distribution | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 2.20.0, < 2.20.4; >= 2.19.0, < 2.19.6; < 2.18.6 | CVE-2023-35042 | maven | MAVEN:GHSA-59X6-G4JR-4HXC | GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language | critical | 2023-06-12T15:30:29 (15 months ago) |
| Fixed | = 2.20.4; = 2.19.6; = 2.18.6 | CVE-2023-35042 | maven | MAVEN:GHSA-59X6-G4JR-4HXC | GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language | critical | 2023-06-12T15:30:29 (15 months ago) |
| Affected | < 2.23.6; >= 2.25.0, < 2.25.2; >= 2.24.0, < 2.24.4 | CVE-2024-36401 | maven | MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical | 2024-07-01T20:34:50 (2 months ago) |
| Fixed | = 2.23.6; = 2.25.2; = 2.24.4 | CVE-2024-36401 | maven | MAVEN:GHSA-6JJ6-GM7P-FCVV | Remote Code Execution (RCE) vulnerability in geoserver | critical | 2024-07-01T20:34:50 (2 months ago) |
| Affected | >= 2.23.0, < 2.23.2; < 2.22.5 | CVE-2023-41339 | maven | MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate | 2023-10-24T19:20:34 (10 months ago) |
| Fixed | = 2.23.2; = 2.22.5 | CVE-2023-41339 | maven | MAVEN:GHSA-CQPC-X2C6-2GMF | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | moderate | 2023-10-24T19:20:34 (10 months ago) |
| Affected | >= 2.24.0, < 2.24.1; < 2.23.3 | CVE-2024-23818 | maven | MAVEN:GHSA-FCPM-HCHJ-MH72 | GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:15:17 (6 months ago) |
| Fixed | = 2.24.1; = 2.23.3 | CVE-2024-23818 | maven | MAVEN:GHSA-FCPM-HCHJ-MH72 | GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:15:17 (6 months ago) |
| Affected | >= 2.24.0, < 2.24.1; < 2.23.4 | CVE-2024-23642 | maven | MAVEN:GHSA-FG9V-56HW-G525 | GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:08:29 (6 months ago) |
| Fixed | = 2.24.1; = 2.23.4 | CVE-2024-23642 | maven | MAVEN:GHSA-FG9V-56HW-G525 | GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) | moderate | 2024-03-20T15:08:29 (6 months ago) |