GHSA-2p76-gc46-5fvc: GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint

Impact

The GeoNetwork WFS Index functionality is affected by a GeoTools XML External Entity (XXE) vulnerability that is triggered during schema validation.

This vulnerability is particularly severe because the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files.

Patches

GeoNetwork 4.4.8 / 4.2.13.

Workarounds

Remove the gn-wfsfeature-harvester and gn-camelPeriodicProducer jars, disabling the WFS Index functionality.
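As a complement to the jar-removal workaround above, the following is the parser-side hardening that closes the XXE path a schema-validation step would otherwise expose. It is an added example written for this page, not code from GeoNetwork or GeoTools; the class name, the minimal schema and both input documents are constructed. A DocumentBuilderFactory that refuses DOCTYPE declarations runs first, and the SchemaFactory and Validator are both configured to refuse external DTDs and schemas.

```java
import java.io.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.*;
import org.w3c.dom.Document;
import org.xml.sax.*;

public final class HardenedXmlValidation {
    // Hypothetical schema for a minimal feature record (constructed for this example).
    static final String FEATURE_XSD =
        "<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"><xs:element name=\"feature\">"
        + "<xs:complexType><xs:sequence><xs:element name=\"id\" type=\"xs:string\"/>"
        + "</xs:sequence></xs:complexType></xs:element></xs:schema>";
    // Constructed input a hardened parser must reject: a DOCTYPE declaring an external
    // entity, which a default parser would resolve before validation even started.
    static final String HOSTILE_XML =
        "<!DOCTYPE feature [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>"
        + "<feature><id>&ext;</id></feature>";
    static final String BENIGN_XML = "<feature><id>f-1</id></feature>";
    /** Parse with DOCTYPE and external entities disabled, then validate without external fetches. */
    static boolean parseAndValidate(String xml, String xsd) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true); // needed for DOM-based schema validation
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setFeature("http://xml.org/sax/features/external-general-entities", false);
            f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            // Schema loading and validation must not fetch external DTDs or schemas either.
            SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            Validator v = sf.newSchema(new StreamSource(new StringReader(xsd))).newValidator();
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            v.validate(new DOMSource(doc));
            return true;
        } catch (SAXException | IOException | ParserConfigurationException e) {
            System.err.println("rejected: " + e.getMessage()); // hostile input lands here
            return false;
        }
    }
    public static void main(String[] args) {
        System.out.println("benign accepted:  " + parseAndValidate(BENIGN_XML, FEATURE_XSD));
        System.out.println("hostile accepted: " + parseAndValidate(HOSTILE_XML, FEATURE_XSD));
    }
}
```

The benign record passes validation, while the DOCTYPE-bearing record is rejected at parse time, before any entity could be resolved and before the validator sees it.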

References

  • GHSA-826p-4gcg-35vw
  • https://github.com/geonetwork/core-geonetwork/pull/8757
  • https://github.com/geonetwork/core-geonetwork/pull/8803
  • https://github.com/geonetwork/core-geonetwork/pull/8812

GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint

High severity GitHub Reviewed Published Jun 10, 2025 in geonetwork/core-geonetwork • Updated Jun 10, 2025

Package

  • org.geonetwork-opensource:gn-web-app (Maven)
    Affected versions: >= 4.4.0, <= 4.4.7 (patched in 4.4.8); >= 4.2.0, <= 4.2.12 (patched in 4.2.13)
  • org.geonetwork-opensource:gn-wfsfeature-harvester (Maven)
    Affected versions: >= 4.4.0, <= 4.4.7; >= 4.2.0, <= 4.2.12

Published to the GitHub Advisory Database: Jun 10, 2025

Last updated: Jun 10, 2025
