org.geoserver.web:gs-web-app
Maven
11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.geoserver.web:gs-web-app
- CVE-2023-41339 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 2.23.2 | 2023-10-25
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user s…
- CVE-2024-24749 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.24.3 | 2024-07-01
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is poss…
- CVE-2024-34696 | MEDIUM | CVSS 4.5 | EG 4.5 | ✓ Fixed in 2.25.1 | 2024-07-01
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Jav…
- CVE-2024-34711 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 2.25.0 | 2025-06-10
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XXE) attack, then send GET requ…
- CVE-2024-35230 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.25.1 | 2024-12-16
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including…
- CVE-2024-36401 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | ✓ Fixed in 2.22.6 | 2024-07-01
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users throug…
- CVE-2024-38524 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.26.2 | 2025-06-10
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information f…
- CVE-2024-40625 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.26.0 | 2025-06-10
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (w…
- CVE-2025-30145 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.26.3 | 2025-06-10
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter a…
- CVE-2025-30220 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 2.27.1 | 2025-06-10
vulnerable: 2.27.0
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts wh…
- CVE-2025-58360 | HIGH | CVSS 8.2 | EG 9.0 | ⚠ KEV | ✓ Fixed in 2.26.2 | 2025-11-25
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input th…