CNNVD-202601-1940 Information

CNNVD ID

CNNVD-202601-1940

Related CVE

CVE-2022-50899

• CNNVD Published: 2026-01-13

Description (Chinese)

GeoNetwork是GeoNetwork开源的一个目录应用程序。用于管理空间参考资源。 GeoNetwork 4.2.0及之前版本存在代码问题漏洞，该漏洞源于PDF渲染中存在XML外部实体漏洞，可能导致读取服务器上的任意文件。

Description (English)

GeoNetwork is a directory application from GeoNetwork Open Source. To manage space reference resources. GeoNetwork 4.2.0 and previous versions had a code gap, which stemmed from an external XML entity gap in the PDF rendering, which could lead to the reading of any files on the server.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

GeoNetwork

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe https://geonetwork-opensource.org/ https://www.exploit-db.com/exploits/50982 https://access.redhat.com/security/cve/cve-2022-50899

Patch

https://geonetwork-opensource.org/downloads.html