VulnerableCode Package Details - pkg:pypi/geonode@5.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/geonode@5.0.2

Essentials
History (1)

purl	pkg:pypi/geonode@5.0.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-3112-xnvn-gyen	GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.	CVE-2026-39922 GHSA-hw9r-6m78-w6h3 PYSEC-2026-61

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:24:46.496484+00:00	Pypa Importer	Fixing	VCID-3112-xnvn-gyen	https://github.com/pypa/advisory-database/blob/main/vulns/geonode/PYSEC-2026-61.yaml	38.6.0