CVE-2024-35230: Welcome and About GeoServer pages communicate version and revision information
The Welcome and About pages include version and revision information about the software in use (including the libraries and components used).
This information is sensitive from a security point of view because it allows the software used by the server to be easily identified.
References
- github.com/advisories/GHSA-6pfc-w86r-54q6
- github.com/geoserver/geoserver
- github.com/geoserver/geoserver/commit/5fd5f35ae176eff3cc4667a5cf48e4bf5dc4ea99
- github.com/geoserver/geoserver/commit/74fdab745a5deff20ac99abca24d8695fe1a52f8
- github.com/geoserver/geoserver/commit/8cd1590a604a10875de67b04995f1952f631f920
- github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6
- nvd.nist.gov/vuln/detail/CVE-2024-35230