The vulnerability lies in the Coverage REST API, specifically in the code path used when a coverage is uploaded with the 'url' method. The provided description identifies RESTUtils.java, and a specific line (176 in the linked version), as containing the vulnerable code. That line is inside the getRemoteSource method of org.geoserver.rest.util.RESTUtils. The method takes a user-supplied URL (sourceURLValue) and fetches data from it without first passing the URL through GeoServer's URL Checks feature (URLCheckers.confirm(fileURL)), so nothing restricts which hosts or schemes the server will contact. An attacker can therefore submit a crafted URL and have the server issue requests to internal or external services on their behalf, which is the defining behaviour of an SSRF vulnerability. Because getRemoteSource is the code that accepts and dereferences the URL, it is the vulnerable function. The fix is to call URLCheckers.confirm() inside this function so that the URL is validated before it is used, and to reject the request if the check fails.
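The following is an added illustration, not GeoServer's code: a self-contained Java program that shows the vulnerable shape of a getRemoteSource-style helper next to a hardened version that confirms the URL before anything is fetched. The RemoteSourceChecker class, its allowlist regex, and both getRemoteSource* method names are hypothetical stand-ins so the example compiles without GeoServer on the classpath; in the real code base the call at the marked line would be URLCheckers.confirm(sourceURLValue), assumed here to take the URL string and throw on rejection. The sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Hypothetical stand-in for GeoServer's URL Checks (not GeoServer code):
 * a user-supplied source URL must match an administrator-configured
 * allowlist, and only http(s) is ever acceptable. Deny by default.
 */
final class RemoteSourceChecker {
    /** Raised when a URL fails the check (plays the role of URLCheckerException). */
    static final class URLCheckFailed extends Exception {
        URLCheckFailed(String msg) { super(msg); }
    }

    private final List<Pattern> allowed = new ArrayList<>();

    RemoteSourceChecker(List<String> allowedRegexes) {
        for (String r : allowedRegexes) allowed.add(Pattern.compile(r));
    }

    void confirm(String location) throws URLCheckFailed {
        URI uri;
        try {
            uri = new URI(location).normalize();
        } catch (URISyntaxException e) {
            throw new URLCheckFailed("not a valid URL: " + location);
        }
        // file:, jar:, ftp: and friends are never a legitimate coverage source.
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new URLCheckFailed("scheme not allowed: " + location);
        }
        // The normalized URL must match at least one allowlist entry.
        String normalized = uri.toString();
        for (Pattern p : allowed) {
            if (p.matcher(normalized).matches()) return;
        }
        throw new URLCheckFailed("URL not in allowlist: " + location);
    }
}

public class CoverageUploadExample {
    // Hypothetical allowlist: only TIFFs under one trusted data host.
    static final RemoteSourceChecker CHECKER = new RemoteSourceChecker(List.of(
            "^https://data\\.example\\.org/coverages/.*\\.tiff?$"));

    /** Vulnerable pattern: the URL from the request body is used as-is. */
    static URI getRemoteSourceUnchecked(String sourceURLValue) throws URISyntaxException {
        return new URI(sourceURLValue); // the caller would open a stream on this
    }

    /** Hardened pattern: the check runs before the URL is dereferenced. */
    static URI getRemoteSourceChecked(String sourceURLValue)
            throws URISyntaxException, RemoteSourceChecker.URLCheckFailed {
        CHECKER.confirm(sourceURLValue); // GeoServer: URLCheckers.confirm(sourceURLValue)
        return new URI(sourceURLValue);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one legitimate coverage and three SSRF-style probes.
        String[] candidates = {
            "https://data.example.org/coverages/dem.tif",
            "http://169.254.169.254/latest/meta-data/", // cloud metadata endpoint
            "file:///etc/passwd",                        // local file read via a URL
            "https://data.example.org/../internal/admin" // traversal against the allowlist
        };
        for (String c : candidates) {
            // Every candidate survives the unchecked path and would be fetched.
            System.out.println("unchecked: " + getRemoteSourceUnchecked(c));
            try {
                System.out.println("checked:   " + getRemoteSourceChecked(c));
            } catch (RemoteSourceChecker.URLCheckFailed e) {
                System.out.println("checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running main prints all four URLs as accepted on the unchecked path and only the first on the checked path. Two points carry over to the real fix: the check has to run on the exact value that is later opened (checking one string and fetching another reintroduces the bug), and if the fetch follows HTTP redirects, each redirect target needs the same confirmation, since an allowed host that 302s to an internal address is still an SSRF.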
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.geoserver:gs-rest | maven | < 2.26.0 | 2.26.0 |
| org.geoserver.web:gs-web-app | maven | < 2.26.0 | 2.26.0 |