GHSA-826p-4gcg-35vw: GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

June 9, 2025

GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit.

References

github.com/advisories/GHSA-826p-4gcg-35vw
github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc
github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc
github.com/geotools/geotools
github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw

Code Behaviors & Features

Detect and mitigate GHSA-826p-4gcg-35vw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →