{"id":"PYSEC-2023-15","details":"GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.","aliases":["CVE-2023-26043","GHSA-mcmc-c59m-pqq8"],"modified":"2023-11-01T05:01:27.285516Z","published":"2023-02-27T21:15:00Z","references":[{"type":"FIX","url":"https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0"},{"type":"ADVISORY","url":"https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"}],"affected":[{"package":{"name":"geonode","ecosystem":"PyPI","purl":"pkg:pypi/geonode"},"ranges":[{"type":"GIT","repo":"https://github.com/GeoNode/geonode","events":[{"introduced":"0"},{"fixed":"2fdfe919f299b21f1609bf898f9dcfde58770ac0"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3"}]}],"versions":["2.0","2.0.1","2.0.dev20130913181950","2.0.dev20140626191247","2.0b10","2.0b11","2.0b12","2.0b13","2.0b17","2.0b18","2.0b19","2.0b21","2.0b22","2.0b24","2.0b25","2.0b26","2.0b27","2.0b28","2.0b29","2.0b3","2.0b30","2.0b31","2.0b32","2.0b33","2.0b34","2.0b35","2.0b36","2.0b37","2.0b38","2.0b39","2.0b4","2.0b40","2.0b41","2.0b42","2.0b43","2.0b44","2.0b45","2.0b46","2.0b48","2.0b49","2.0b5","2.0b50","2.0b51","2.0b52","2.0b53","2.0b54","2.0b55","2.0b57","2.0b58","2.0b59","2.0b60","2.0b61","2.0b62","2.0b63","2.0b64","2.0b7","2.0c1","2.0c12","2.0c13","2.0c2","2.0c3","2.0c4","2.0c5","2.0c7","2.0c8","2.10","2.10.1","2.10.2","2.10.3","2.10.4","2.10rc0","2.10rc1","2.10rc2","2.10rc3","2.10rc4","2.10rc5","2.4","2.4.1","2.4a1","2.4a10","2.4a11","2.4a12","2.4a13","2.4a14","2.4a15","2.4a16","2.4a17","2.4a18","2.4a19","2.4a2","2.4a20","2.4a21","2.4a22","2.4a23","2.4a24","2.4a25","2.4a26","2.4a28","2.4a29","2.4a3","2.4a30","2.4a31","2.4a32","2.4a33","2.4a34","2.4a35","2.4a36","2.4a38","2.4a4","2.4a5","2.4a6","2.4a7","2.4a8","2.4a9","2.4b1","2.4b10","2.4b11","2.4b12","2.4b13","2.4b14","2.4b15","2.4b16","2.4b17","2.4b18","2.4b19","2.4b2","2.4b20","2.4b21","2.4b22","2.4b23","2.4b24","2.4b25","2.4b26","2.4b27","2.4b28","2.4b3","2.4b4","2.4b5","2.4b6","2.4b7","2.4b8","2.4c1","2.4c2","2.4c3","2.4c4","2.5.1","2.5.10","2.5.12","2.5.13","2.5.14","2.5.15","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.5.7","2.5.9","2.5.9.dev20170116091328","2.5.dev20160825082804","2.6","2.6.1","2.6.2","2.6.3","2.6a1","2.6c1","2.7","2.7.1.dev20171013151516","2.7.2.dev20171013181854","2.7.4.dev20171114161428","2.7.5.dev20180123130714","2.7.5.dev20180125135927","2.8","2.8.1","2.8.1rc0","2.8rc0","2.8rc1","2.8rc10","2.8rc11","2.8rc12","2.8rc13","2.8rc2","2.8rc3","2.8rc4","2.8rc5","2.8rc6","2.8rc7","2.8rc8","2.8rc9","3.0.0","3.1.0","3.1.1","3.2.0","3.2.1","3.2.2","3.2.3","3.2.3.post1","3.2.4","3.3.0","3.3.1","3.3.1.post1","3.3.2","3.3.2.post1","3.3.2.post2","3.3.3","4.0.0","4.0.0.post1","4.0.0rc0","4.0.0rc1","4.0.1","4.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/geonode/PYSEC-2023-15.yaml"}}],"schema_version":"1.7.3"}