CVE-2023-26043: [Fixes #10462] GeoNode is vulnerable to an XML External Entity (XXE) … · GeoNode/geonode@2fdfe91

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

@@ -238,7 +238,7 @@ def extract_name_from_sld(gs_catalog, sld, sld_file=None):

sld = sld_file.read()

if isinstance(sld, str):

sld = sld.encode(‘utf-8’)

dom = etree.XML(sld)

dom = etree.XML(sld, parser=etree.XMLParser(resolve_entities=False))

elif sld_file and isfile(sld_file):

with open(sld_file, “rb”) as sld_file:

sld = sld_file.read()
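Review bot: the new line `dom = etree.XML(sld, parser=etree.XMLParser(resolve_entities=False))` closes the entity-expansion path at this call site, but the parser is built inline with no comment saying why; a later refactor that "simplifies" it back to `etree.XML(sld)` would silently reintroduce the XXE. Suggest hoisting a single module-level parser (e.g. `SAFE_XML_PARSER = etree.XMLParser(resolve_entities=False)` with a one-line comment naming the CVE) and using it here and in `set_dataset_style`, so both call sites share one hardened configuration instead of two copies that can drift apart.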

@@ -378,7 +378,7 @@ def set_dataset_style(saved_dataset, title, sld, base_file=None):

elif isinstance(sld, str):

sld = sld.strip(‘b\’\n’)

sld = re.sub(r’(\\r)|(\\n)', '’, sld).encode(“UTF-8”)

etree.XML(sld)

etree.XML(sld, parser=etree.XMLParser(resolve_entities=False))

elif base_file and isfile(base_file):

with open(base_file, “rb”) as sld_file:

sld = sld_file.read()
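Review bot: `etree.XML(sld, parser=etree.XMLParser(resolve_entities=False))` discards its return value here, so this call exists only as a validity check; a short comment saying so would stop a reader from assuming the parse result is used later. The unchanged `sld = sld.strip('b\'\n')` just above strips any leading/trailing `b`, `'` or newline characters rather than removing a `b'...'` bytes-literal wrapper, so an SLD string whose first character happens to be `b` would lose it before validation; worth a follow-up even though it is outside this fix. As with the first hunk, a shared module-level safe parser would avoid constructing the hardened `XMLParser` inline at each call.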

Related news

GHSA-mcmc-c59m-pqq8: GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection

### Summary

GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.

### Details

GeoNode's GeoServer has the ability to upload new styles for datasets through the [`dataset_style_upload` view](https://github.com/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/urls.py#L70-L72).

```py
# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/views.py#L158-L159
@login_required
def dataset_style_upload(request, layername):
    def respond(*args, **kw):
        kw['content_type'] = 'text/html'
        return json_response(*args, **kw)
    ...
    sld = request.FILES['sld'].read()  # 1
    sld_name = None
    try:
        # Check SLD is valid
        ...
        sld_name = extract_name_from_sld(gs_catalog, sld, sld_file=request.FILES['sld'])  # 2
    except Exception as e:
        respond(errors=f"The uploaded SLD file is not valid X...
```
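The advisory above describes the vulnerable path: an uploaded SLD is read and handed to an XML parser that, before the fix, expanded external entities, so a hostile style file could pull a server-side file into the parsed document. The added example below is not GeoNode's code and does not use lxml; it shows the same defensive idea with only the Python standard library (expat) and goes one step further than the patch's `resolve_entities=False` by refusing any DOCTYPE at all, since a legitimate SLD never carries one. The `parse_sld_safely`/`is_safe_upload` functions, the `SLDSummary` type, and both sample documents (a benign style and a constructed hostile upload with a placeholder file path) are assumptions of this example.

```python
"""Safe parsing of an uploaded SLD (Styled Layer Descriptor) without entity expansion.

Added example, not GeoNode's code. GeoNode's fix relies on lxml's
etree.XMLParser(resolve_entities=False); this version uses the standard
library expat parser and rejects any DTD outright. Function and type names
and the two sample documents are constructed for this example.
"""
import xml.parsers.expat as expat
from dataclasses import dataclass, field


class UnsafeSLDError(ValueError):
    """Uploaded document contains a DTD/entity construct we never accept."""


@dataclass
class SLDSummary:
    root: str                                  # local name of the document element
    names: list = field(default_factory=list)  # text of every <Name>, in document order


def parse_sld_safely(data: bytes) -> SLDSummary:
    """Parse SLD bytes, refusing DOCTYPE, entity declarations and external entity loads."""
    summary = SLDSummary(root="")
    stack = []  # local names of the currently open elements
    text = []   # character data collected inside the innermost open <Name>

    parser = expat.ParserCreate(namespace_separator=" ")
    # Never substitute parameter entities or pull in an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # A DTD is the only place entities can be declared, so any DOCTYPE is rejected.
        raise UnsafeSLDError(f"DOCTYPE {doctype_name!r} is not allowed in an SLD upload")

    def on_entity_decl(*_args):
        raise UnsafeSLDError("entity declarations are not allowed in an SLD upload")

    def on_external_entity(context, base, system_id, public_id):
        # Returning 0 aborts the parse instead of fetching system_id (file:// or http://).
        return 0

    def local(qname):
        # With namespace_separator=" ", names arrive as "<namespace-uri> <localname>".
        return qname.rsplit(" ", 1)[-1]

    def on_start(name, attrs):
        tag = local(name)
        if not stack:
            summary.root = tag
        stack.append(tag)
        if tag == "Name":
            text.clear()

    def on_end(name):
        tag = stack.pop()
        if tag == "Name":
            summary.names.append("".join(text).strip())

    def on_chars(data):
        if stack and stack[-1] == "Name":
            text.append(data)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars

    parser.Parse(data, True)
    return summary


# Constructed benign SLD of the shape GeoServer accepts.
GOOD_SLD = b"""<?xml version="1.0" encoding="UTF-8"?>
<StyledLayerDescriptor xmlns="http://www.opengis.net/sld" version="1.0.0">
  <NamedLayer>
    <Name>roads</Name>
    <UserStyle><Name>roads_style</Name></UserStyle>
  </NamedLayer>
</StyledLayerDescriptor>"""

# Constructed hostile upload (placeholder path): declares an external entity so that a
# parser which expanded entities would read a server-side file into <Name>.
BAD_SLD = b"""<?xml version="1.0"?>
<!DOCTYPE sld [ <!ENTITY xxe SYSTEM "file:///placeholder/secret-file"> ]>
<StyledLayerDescriptor xmlns="http://www.opengis.net/sld">
  <NamedLayer><Name>&xxe;</Name></NamedLayer>
</StyledLayerDescriptor>"""


def is_safe_upload(data: bytes) -> bool:
    """True when the document parses cleanly with no DTD/entity construct present."""
    try:
        parse_sld_safely(data)
        return True
    except (UnsafeSLDError, expat.ExpatError):
        return False


if __name__ == "__main__":
    print(parse_sld_safely(GOOD_SLD))
    print("hostile upload accepted?", is_safe_upload(BAD_SLD))
```

Rejecting the DOCTYPE outright is stricter than the GeoNode patch, which only stops entity substitution; the stricter rule is appropriate for an upload endpoint where the input format has no legitimate use for a DTD, and it also removes internal-entity expansion (entity-bomb) as a concern in the same check.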
