Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/geonode@3.2.3.post1
Typepypi
Namespace
Namegeonode
Version3.2.3.post1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.4.5
Latest_non_vulnerable_version5.0.2
Affected_by_vulnerabilities
0
url VCID-2uc9-efdk-93du
vulnerability_id VCID-2uc9-efdk-93du
summary GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. Version 4.1.3.post1 is the first available version that contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42439
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23587
published_at 2026-06-12T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23392
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42439
1
reference_url https://github.com/GeoNode/geonode
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/GeoNode/geonode
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-176.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-176.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42439
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42439
4
reference_url https://github.com/GeoNode/geonode/releases/tag/4.1.3
reference_id 4.1.3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:28:13Z/
url https://github.com/GeoNode/geonode/releases/tag/4.1.3
5
reference_url https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d
reference_id 79ac6e70419c2e0261548bed91c159b54ff35b8d
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:28:13Z/
url https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d
6
reference_url https://github.com/advisories/GHSA-pxg5-h34r-7q8p
reference_id GHSA-pxg5-h34r-7q8p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxg5-h34r-7q8p
7
reference_url https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p
reference_id GHSA-pxg5-h34r-7q8p
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T17:28:13Z/
url https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p
fixed_packages
0
url pkg:pypi/geonode@4.1.3.post1
purl pkg:pypi/geonode@4.1.3.post1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pz62-4ruz-xbag
1
vulnerability VCID-zfm7-uxa4-m7c9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.3.post1
aliases CVE-2023-42439, GHSA-pxg5-h34r-7q8p, PYSEC-2023-176
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2uc9-efdk-93du
1
url VCID-pz62-4ruz-xbag
vulnerability_id VCID-pz62-4ruz-xbag
summary GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40017
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28495
published_at 2026-06-12T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28299
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40017
1
reference_url https://github.com/GeoNode/geonode
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/GeoNode/geonode
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-269.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-269.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40017
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40017
4
reference_url https://github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9
reference_id a9eebae80cb362009660a1fd49e105e7cdb499b9
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:12:22Z/
url https://github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9
5
reference_url https://github.com/advisories/GHSA-rmxg-6qqf-x8mr
reference_id GHSA-rmxg-6qqf-x8mr
reference_type
scores
url https://github.com/advisories/GHSA-rmxg-6qqf-x8mr
6
reference_url https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr
reference_id GHSA-rmxg-6qqf-x8mr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:12:22Z/
url https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr
fixed_packages
0
url pkg:pypi/geonode@4.1.3
purl pkg:pypi/geonode@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uc9-efdk-93du
1
vulnerability VCID-pz62-4ruz-xbag
2
vulnerability VCID-zfm7-uxa4-m7c9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.1.3
1
url pkg:pypi/geonode@4.2.0
purl pkg:pypi/geonode@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zfm7-uxa4-m7c9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.2.0
aliases CVE-2023-40017, GHSA-rmxg-6qqf-x8mr, PYSEC-2023-269
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz62-4ruz-xbag
2
url VCID-q8tr-d3gt-mbbu
vulnerability_id VCID-q8tr-d3gt-mbbu
summary GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26043
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46646
published_at 2026-06-12T12:55:00Z
1
value 0.00234
scoring_system epss
scoring_elements 0.46501
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26043
1
reference_url https://github.com/GeoNode/geonode
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/GeoNode/geonode
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-15.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-15.yaml
3
reference_url https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0
reference_id 2fdfe919f299b21f1609bf898f9dcfde58770ac0
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T18:53:38Z/
url https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26043
reference_id CVE-2023-26043
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26043
5
reference_url https://github.com/advisories/GHSA-mcmc-c59m-pqq8
reference_id GHSA-mcmc-c59m-pqq8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mcmc-c59m-pqq8
6
reference_url https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8
reference_id GHSA-mcmc-c59m-pqq8
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T18:53:38Z/
url https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8
fixed_packages
0
url pkg:pypi/geonode@4.0.3
purl pkg:pypi/geonode@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uc9-efdk-93du
1
vulnerability VCID-pz62-4ruz-xbag
2
vulnerability VCID-zfm7-uxa4-m7c9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/geonode@4.0.3
aliases CVE-2023-26043, GHSA-mcmc-c59m-pqq8, PYSEC-2023-15
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8tr-d3gt-mbbu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/geonode@3.2.3.post1