Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.geoserver/gs-main@2.20.0
Typemaven
Namespaceorg.geoserver
Namegs-main
Version2.20.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.20.4
Latest_non_vulnerable_version2.25.1
Affected_by_vulnerabilities
0
url VCID-ss17-rqzt-zqgs
vulnerability_id VCID-ss17-rqzt-zqgs
summary 
Improper Input Validation
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24847
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52757
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24847
1
reference_url https://github.com/geoserver/geoserver
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/geoserver/geoserver
2
reference_url https://github.com/geoserver/geoserver/commit/b94a69943992df999d627b21a4ed056fad4569f8
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/geoserver/geoserver/commit/b94a69943992df999d627b21a4ed056fad4569f8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24847
reference_id CVE-2022-24847
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24847
4
reference_url https://github.com/advisories/GHSA-4pm3-f52j-8ggh
reference_id GHSA-4pm3-f52j-8ggh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pm3-f52j-8ggh
5
reference_url https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh
reference_id GHSA-4pm3-f52j-8ggh
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:24Z/
url https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh
fixed_packages
0
url pkg:maven/org.geoserver/gs-main@2.20.4
purl pkg:maven/org.geoserver/gs-main@2.20.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-main@2.20.4
aliases CVE-2022-24847, GHSA-4pm3-f52j-8ggh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss17-rqzt-zqgs
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-main@2.20.0