Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.geoserver/gs-restconfig@2.23.3
Typemaven
Namespaceorg.geoserver
Namegs-restconfig
Version2.23.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.23.4
Latest_non_vulnerable_version2.24.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-u7nk-1933-fuah
vulnerability_id VCID-u7nk-1933-fuah
summary 
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API.  Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51445
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.77051
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51445
1
reference_url https://github.com/geoserver/geoserver
reference_id
reference_type
scores
url https://github.com/geoserver/geoserver
2
reference_url https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad
reference_id
reference_type
scores
url https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad
3
reference_url https://github.com/geoserver/geoserver/pull/7161
reference_id
reference_type
scores
url https://github.com/geoserver/geoserver/pull/7161
4
reference_url https://osgeo-org.atlassian.net/browse/GEOS-11148
reference_id
reference_type
scores
url https://osgeo-org.atlassian.net/browse/GEOS-11148
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51445
reference_id CVE-2023-51445
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-51445
6
reference_url https://github.com/advisories/GHSA-fh7p-5f6g-vj2w
reference_id GHSA-fh7p-5f6g-vj2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh7p-5f6g-vj2w
7
reference_url https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w
reference_id GHSA-fh7p-5f6g-vj2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w
fixed_packages
0
url pkg:maven/org.geoserver/gs-restconfig@2.23.3
purl pkg:maven/org.geoserver/gs-restconfig@2.23.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-restconfig@2.23.3
aliases CVE-2023-51445, GHSA-fh7p-5f6g-vj2w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u7nk-1933-fuah
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-restconfig@2.23.3