CVE-2023-40017

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40017
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40017.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40017
Aliases
Published
2023-08-24T22:45:48Z
Modified
2025-10-14T14:34:23Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
GeoNode Server-Side Request Forgery vulnerability
Details

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.

References

Affected packages

Git / github.com/GeoNode/geonode

Affected ranges

Type
GIT
Repo
https://github.com/GeoNode/geonode
Events
