Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/geonode@2.0rc4

Type pypi

Namespace

Name geonode

Version 2.0rc4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.4.5

Latest_non_vulnerable_version 5.0.2

Affected_by_vulnerabilities

url VCID-kvfp-4b99-7ufe

vulnerability_id VCID-kvfp-4b99-7ufe

summary GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

references

reference_url	https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0
reference_id
reference_type
scores
url	https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0

reference_url	https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8
reference_id
reference_type
scores
url	https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-26043
reference_id	CVE-2023-26043
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-26043

fixed_packages

url pkg:pypi/geonode@4.0.3

purl pkg:pypi/geonode@4.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3112-xnvn-gyen

vulnerability	VCID-y7sz-snam-5ycz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.3

aliases CVE-2023-26043, GHSA-mcmc-c59m-pqq8, PYSEC-2023-15

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfp-4b99-7ufe

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@2.0rc4

Package Instance