geonode@2.7.5.dev20180125135927

Application for serving and sharing geospatial data

5.0.2

13 years ago

2 months ago

Known vulnerabilities in the geonode package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
H Directory Traversal geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Directory Traversal due to insecure path manipulation. How to fix Directory Traversal? Upgrade `geonode` to version 4.1.0 or higher.	[,4.1.0)
H Server-side Request Forgery (SSRF) geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `/proxy/?url=` endpoint. An attacker can port scan internal hosts and request information from internal hosts by exploiting the insufficient protection against server-side request forgery. How to fix Server-side Request Forgery (SSRF)? Upgrade `geonode` to version 4.1.5 or higher.	[,4.1.5)
M XML External Entity (XXE) Injection geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the style upload functionality, which allows users to read arbitrary files. How to fix XML External Entity (XXE) Injection? Upgrade `geonode` to version 4.0.3 or higher.	[,4.0.3)