目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

GeoServer 厂商漏洞列表 / CVE 中文分析 28

GeoServer 厂商相关 28 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

GeoServer 是开源地理空间数据的核心服务组件,主要提供 OGC 标准的地图发布与共享功能。鉴于其已收录 28 条 CVE,历史上常面临远程代码执行、跨站脚本及越权访问等高危风险,多源于 XML 解析或插件机制缺陷。作为广泛部署的基础设施,其安全性直接影响地理信息系统的完整性。建议用户及时更新版本并严格配置访问控制,以缓解潜在的攻击面暴露问题。

上位製品 GeoServer: geoserver GeoWebCache
CVE IDタイトルCVSS深刻度公開日
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format — geoserverCWE-79 6.1 Medium2025-11-25
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature — geoserverCWE-611 8.2 High2025-11-25
CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling — geoserverCWE-611 9.9 Critical2025-06-10
CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process — geoserverCWE-835 7.5 High2025-06-10
CVE-2025-27505 GeoServer Missing Authorization on REST API Index — geoserverCWE-862 5.3 Medium2025-06-10
CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery — geoserverCWE-918 5.5 Medium2025-06-10
CVE-2024-38524 GWC Home Page communicate version and revision information — geoserverCWE-200 5.3 Medium2025-06-10
CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) — geoserverCWE-200 9.3 Critical2025-06-10
CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost — geoserverCWE-918 7.5 High2025-06-10
CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information — geoserverCWE-200 5.3 Medium2024-12-16
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver — geoserverCWE-95 9.8 Critical2024-07-01
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties — geoserverCWE-200 4.5 Medium2024-07-01
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat — geoserverCWE-22 7.5 High2024-07-01
CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API — geoserverCWE-20 6.0 Medium2024-03-20
CVE-2023-51445 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API — geoserverCWE-79 4.8 Medium2024-03-20
CVE-2023-51444 GeoServer arbitrary file upload vulnerability in REST Coverage Store API — geoserverCWE-20 7.2 High2024-03-20
CVE-2023-41877 GeoServer log file path traversal vulnerability — geoserverCWE-22 7.2 High2024-03-20
CVE-2023-5786 GeoServer GeoWebCache rest.html direct request — GeoWebCacheCWE-425 5.3 Medium2023-10-26
CVE-2023-43795 WPS Server Side Request Forgery in GeoServer — geoserverCWE-918 8.6 High2023-10-24
CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer — geoserverCWE-918 8.6 High2023-10-24
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver — geoserverCWE-89 9.8 Critical2023-02-21
CVE-2022-24847 Improper Input Validation in GeoServer — geoserverCWE-20 7.2 High2022-04-13

本页汇总了 GeoServer 厂商截至目前公开的全部 28 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。