4.4.1
11 years ago
1 month ago
Known vulnerabilities in the geonode package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version | Fix
---|---|---
geonode is an application for serving and sharing geospatial data. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The application's cookies are set securely, but it is possible to retrieve a victim's CSRF token and issue a request to change another user's email address to perform a full account takeover. Because the script element does not impact the CORS policy, the requests will succeed. | [3.2.0,4.2.3) | Upgrade
geonode is an application for serving and sharing geospatial data. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the geospatial data sharing feature. An attacker can bypass existing controls and request internal services, returning any data from the internal network. Note: The application uses a whitelist, but this can be bypassed by tricking the application into believing the first host is a whitelisted address, while the browser uses | [3.2.0,4.1.3) | Upgrade
geonode is an application for serving and sharing geospatial data. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the | [,4.1.5) | Upgrade