CVE-2023-25158

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25158
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25158.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25158
Aliases
Published
2023-02-21T21:15:11Z
Modified
2024-05-30T04:02:24.411955Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL injection vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or 28.2 to resolve this issue. Users unable to upgrade may disable encode functions for PostGIS DataStores or enable prepared statements for JDBCDataStores as a partial mitigation.

References

Affected packages

Git / github.com/geotools/geotools

Affected ranges

Type
GIT
Repo
https://github.com/geotools/geotools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

21.*

21.6b

26.*

26.1a
26.1b