GeoServer Server-Side Request Forgery (SSRF) Vulnerability - CVE-2024-40625 - Vulnerability Database

Severity: Medium
Reference: CVE-2024-40625
Title: GeoServer Server-Side Request Forgery (SSRF) Vulnerability
Overview:

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API endpoint /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified URL (when method equals 'url') without restriction. This vulnerability is fixed in 2.26.0.
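For triage, the following added example (not part of the original entry and not GeoServer or Invicti code) scans a web access log for requests to the coverage store endpoint described above whose method segment is 'url'. It assumes the log is in Combined Log Format; the sample lines, addresses and names are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Path shape from the advisory, with any prefix allowed before /workspaces:
#   /workspaces/<workspace>/coveragestores/<store>/<method>.<format>
COVERAGE_UPLOAD = re.compile(
    r"/workspaces/(?P<workspace>[^/]+)/coveragestores/(?P<store>[^/]+)"
    r"/(?P<method>[^/.]+)\.(?P<format>[^/]+)/?$"
)
# Assumption: access log in Combined Log Format.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, made-up names).
SAMPLE_LOG = [
    '198.51.100.7 - admin [12/Sep/2024:10:01:02 +0000] "PUT /geoserver/rest/workspaces/demo/coveragestores/dem/url.geotiff HTTP/1.1" 201 0',
    '192.0.2.10 - admin [12/Sep/2024:10:02:00 +0000] "PUT /geoserver/rest/workspaces/demo/coveragestores/dem/file.geotiff HTTP/1.1" 201 0',
    '198.51.100.7 - admin [12/Sep/2024:10:03:40 +0000] "PUT /geoserver/rest/workspaces/demo/coveragestores/mosaic/%75rl.imagemosaic HTTP/1.1" 500 0',
    '192.0.2.10 - - [12/Sep/2024:10:04:11 +0000] "GET /geoserver/rest/workspaces/demo/coveragestores/dem.json HTTP/1.1" 200 412',
]


def find_url_method_uploads(lines):
    """Return one record per request whose upload method segment is 'url'."""
    hits = []
    for line in lines:
        entry = LOG_LINE.match(line)
        if not entry:
            continue
        # Drop the query string and decode %XX so an encoded 'url' still matches.
        path = unquote(urlsplit(entry["target"]).path)
        upload = COVERAGE_UPLOAD.search(path)
        # Case-insensitive comparison is a deliberately conservative choice.
        if upload and upload["method"].lower() == "url":
            hits.append({
                "client": entry["client"], "user": entry["user"],
                "verb": entry["verb"], "status": int(entry["status"]),
                "workspace": upload["workspace"], "store": upload["store"],
                "format": upload["format"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_url_method_uploads(SAMPLE_LOG):
        print(hit)
```

Requests it flags on a release earlier than 2.26.0 are the ones to review.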