GHSA-2p76-gc46-5fvc: GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
GeoNetwork's WFS Index functionality is affected by a GeoTools XML External Entity (XXE) vulnerability that is triggered during schema validation of the fetched WFS document.
This vulnerability is particularly severe because the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files on the GeoNetwork server.
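The following Java program is an added illustration of the bug class the advisory describes; it is not code from GeoNetwork or GeoTools and does not reproduce their fix. It builds a WFS-shaped response carrying a DOCTYPE with an external entity that points at a constructed temp file, parses it once with a default JAXP DocumentBuilderFactory and once with a hardened one, and shows the SchemaFactory properties that must be locked down as well, since schema validation is a separate parse path from document parsing. The class name, helper names, the payload and the secret file are all assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.validation.SchemaFactory;

import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Hypothetical demo class; names are assumptions, not GeoNetwork/GeoTools code.
public class XxeDemo {

    // Parser as many Java code bases configure it: DTDs allowed, entities expanded.
    static DocumentBuilderFactory permissiveFactory() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf;
    }

    // Hardened parser: no DOCTYPE at all, no external entities, no XInclude.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    // Schema validation parses XML too, so the SchemaFactory (and any Validator
    // created from it) must refuse external DTDs and schema locations as well.
    static SchemaFactory hardenedSchemaFactory() throws Exception {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return sf;
    }

    // Parse the document and return the root element's text, i.e. whatever the
    // entity reference expanded to.
    static String parseRootText(DocumentBuilderFactory dbf, String xml) throws Exception {
        DocumentBuilder db = dbf.newDocumentBuilder();
        try (InputStream in = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
            Document doc = db.parse(in);
            return doc.getDocumentElement().getTextContent().trim();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret file standing in for a credentials or config file on the server.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "db_password=hunter2");

        // Constructed payload of the kind an attacker-controlled WFS endpoint could return
        // to an indexer that fetches and validates it.
        String payload =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE wfs [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
            + "<wfs:FeatureCollection xmlns:wfs=\"http://www.opengis.net/wfs\">"
            + "&xxe;</wfs:FeatureCollection>";

        // On a default JDK configuration this prints the file contents.
        System.out.println("permissive parser returned: " + parseRootText(permissiveFactory(), payload));

        try {
            parseRootText(hardenedFactory(), payload);
            System.out.println("hardened parser: unexpected success");
        } catch (SAXParseException e) {
            // disallow-doctype-decl makes the parser reject the document before any entity is resolved.
            System.out.println("hardened parser rejected input: " + e.getMessage());
        }

        hardenedSchemaFactory(); // constructed once to show the settings are accepted by the JDK
        Files.deleteIfExists(secret);
    }
}
```

Compile and run with a plain JDK (`javac XxeDemo.java && java XxeDemo`); no third-party library is needed. The practical check for an application like the one in the advisory is that every place XML from a remote WFS is parsed or validated uses the hardened configuration, not only the main document parser, and that the endpoint accepting a WFS URL requires authentication so an attacker cannot point the indexer at a server they control.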
References
- github.com/advisories/GHSA-2p76-gc46-5fvc
- github.com/geonetwork/core-geonetwork
- github.com/geonetwork/core-geonetwork/pull/8757
- github.com/geonetwork/core-geonetwork/pull/8803
- github.com/geonetwork/core-geonetwork/pull/8812
- github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc
- github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw