CNNVD-202511-2702 Information
CNNVD ID
CNNVD-202511-2702
Related CVE
-
CNNVD Published: 2025-11-25
Description (Chinese)
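GeoServer is an open-source software server written in Java, from the GeoServer open-source project. It allows users to share and edit geospatial data. GeoServer versions 2.26.0 up to but not including 2.26.2, and versions before 2.25.6, have a code issue vulnerability. It stems from insufficient sanitization or restriction of XML input to the geoserver/wms operation GetMap endpoint, which may lead to an XML external entity (XXE) attack.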
Description (English)
GeoServer is an open-source software server written in Java, from the GeoServer open-source project. It allows users to share and edit geospatial data. GeoServer 2.26.0 to 2.26.2 has a code issue vulnerability, which stems from insufficient sanitization or restriction of XML input to the geoserver/wms operation GetMap endpoint.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
GeoServer
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525
https://osgeo-org.atlassian.net/browse/GEOS-11682
https://access.redhat.com/security/cve/cve-2025-58360
Patch
https://github.com/geoserver/geoserver/releases