Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03ZzVmLXdyeDgtNWNjZs4AAxxV

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact

GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages.

SQL Injection Vulnerabilities have been found with:

Patches

Workarounds

  1. Disabling the PostGIS DataStore encode functions setting to mitigate the strEndsWith and strStartsWith vulnerabilities (Like filters have no mitigation if there is a string field in the published feature type).
  2. Enabling the PostGIS DataStore preparedStatements setting to mitigate the FeatureId vulnerability.

References

Permalink: https://github.com/advisories/GHSA-7g5f-wrx8-5ccf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzVmLXdyeDgtNWNjZs4AAxxV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: almost 2 years ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentage: 0.50237
EPSS Percentile: 0.97632

Identifiers: GHSA-7g5f-wrx8-5ccf, CVE-2023-25157
References: Repository: https://github.com/geoserver/geoserver
Blast Radius: 1.0

Affected Packages

maven:org.geoserver.community:gs-jdbcconfig
Affected Version Ranges: >= 2.22.0, < 2.22.2, < 2.21.4
Fixed in: 2.22.2, 2.21.4