CVE-2023-40017: GeoNode Server-Side Request Forgery
A server-side request forgery (SSRF) vulnerability was found in GeoNode during testing on a bug bounty program. SSRF allows a user to request information from one or more internal services.
References
- github.com/GeoNode/geonode
- github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9
- github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr
- github.com/advisories/GHSA-rmxg-6qqf-x8mr
- github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-269.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-40017