Vulnerability	Vulnerable Version
H Directory Traversal geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Directory Traversal due to insecure path manipulation. How to fix Directory Traversal? Upgrade `geonode` to version 4.1.0 or higher.	[,4.1.0)
H Server-side Request Forgery (SSRF) geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `/proxy/?url=` endpoint. An attacker can port scan internal hosts and request information from internal hosts by exploiting the insufficient protection against server-side request forgery. How to fix Server-side Request Forgery (SSRF)? Upgrade `geonode` to version 4.1.5 or higher.	[,4.1.5)
M XML External Entity (XXE) Injection geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the style upload functionality, which allows users to read arbitrary files. How to fix XML External Entity (XXE) Injection? Upgrade `geonode` to version 4.0.3 or higher.	[,4.0.3)

Go back to all versions of this package