CVE-2023-26043

Improper Restriction of XML External Entity Reference in npm/geonode

Identifiers

CVE-2023-26043, GHSA-mcmc-c59m-pqq8

Package Slug

npm/geonode

Vulnerability

Improper Restriction of XML External Entity Reference

Description

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

Affected Versions

All versions before 4.0.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-09

source