—

PYSEC-2023-15

상세

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / geonode

최초 영향 버전: 0 수정 버전: 2fdfe919f299b21f1609bf898f9dcfde58770ac0

수정 pip install --upgrade 'geonode>=2fdfe919f299b21f1609bf898f9dcfde58770ac0'

참고

https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0 [FIX]
https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8 [ADVISORY]