Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3112-xnvn-gyen

Summary GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.

Aliases

alias	CVE-2026-39922

alias	GHSA-hw9r-6m78-w6h3

alias	PYSEC-2026-61

Fixed_packages

url	pkg:pypi/geonode@4.4.5
purl	pkg:pypi/geonode@4.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.5

url	pkg:pypi/geonode@5.0.2
purl	pkg:pypi/geonode@5.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@5.0.2

Affected_packages

url pkg:pypi/geonode@4.0.0

purl pkg:pypi/geonode@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-kvfp-4b99-7ufe

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.0

url pkg:pypi/geonode@4.0.0.post1

purl pkg:pypi/geonode@4.0.0.post1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-kvfp-4b99-7ufe

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.0.post1

url pkg:pypi/geonode@4.0.1

purl pkg:pypi/geonode@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-kvfp-4b99-7ufe

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.1

url pkg:pypi/geonode@4.0.2

purl pkg:pypi/geonode@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-kvfp-4b99-7ufe

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.2

url pkg:pypi/geonode@4.0.3

purl pkg:pypi/geonode@4.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.3

url pkg:pypi/geonode@4.1.0

purl pkg:pypi/geonode@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.0

url pkg:pypi/geonode@4.1.1

purl pkg:pypi/geonode@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.1

url pkg:pypi/geonode@4.1.2

purl pkg:pypi/geonode@4.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.2

url pkg:pypi/geonode@4.1.3

purl pkg:pypi/geonode@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.3

url pkg:pypi/geonode@4.1.3.post1

purl pkg:pypi/geonode@4.1.3.post1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.3.post1

url pkg:pypi/geonode@4.1.4

purl pkg:pypi/geonode@4.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.4

url pkg:pypi/geonode@4.1.5

purl pkg:pypi/geonode@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.5

url pkg:pypi/geonode@4.2.0

purl pkg:pypi/geonode@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.0

url pkg:pypi/geonode@4.2.1

purl pkg:pypi/geonode@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.1

url pkg:pypi/geonode@4.2.2

purl pkg:pypi/geonode@4.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.2

url pkg:pypi/geonode@4.2.3

purl pkg:pypi/geonode@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.3

url pkg:pypi/geonode@4.2.4

purl pkg:pypi/geonode@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.4

url pkg:pypi/geonode@4.2.5

purl pkg:pypi/geonode@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.5

url pkg:pypi/geonode@4.3.0

purl pkg:pypi/geonode@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.3.0

url pkg:pypi/geonode@4.3.0.post1

purl pkg:pypi/geonode@4.3.0.post1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.3.0.post1

url pkg:pypi/geonode@4.3.1

purl pkg:pypi/geonode@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.3.1

url pkg:pypi/geonode@4.4.0

purl pkg:pypi/geonode@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.0

url pkg:pypi/geonode@4.4.1

purl pkg:pypi/geonode@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.1

url pkg:pypi/geonode@4.4.2

purl pkg:pypi/geonode@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.2

url pkg:pypi/geonode@4.4.3

purl pkg:pypi/geonode@4.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.3

url pkg:pypi/geonode@4.4.4

purl pkg:pypi/geonode@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.4.4

url pkg:pypi/geonode@5.0.0

purl pkg:pypi/geonode@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@5.0.0

url pkg:pypi/geonode@5.0.1

purl pkg:pypi/geonode@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@5.0.1

References

reference_url

https://github.com/GeoNode/geonode/security/advisories/GHSA-hw9r-6m78-w6h3

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://github.com/GeoNode/geonode/security/advisories/GHSA-hw9r-6m78-w6h3

reference_url

https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration

Weaknesses

Exploits

Severity_range_score 6.3 - 6.3

Exploitability 0.5

Weighted_severity 5.7

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3112-xnvn-gyen

Vulnerability Instance