CVE-2023-26043: GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.
References
- github.com/GeoNode/geonode
- github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0
- github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8
- github.com/advisories/GHSA-mcmc-c59m-pqq8
- github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-15.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-26043
Detect and mitigate CVE-2023-26043 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →