[OSGeo-Discuss] GeoServer OGC Filter SQL Injection Vulnerabilities (CVE-2023-25158)
Jody Garnett
jody.garnett at gmail.com
Tue Feb 21 13:19:54 PST 2023
The GeoServer team has released a statement: OGC Filter Injection Vulnerability Statement
<https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html>
A vulnerability has been located in the GeoTools Library that allows SQL
Injection using OGC Filter and Function expressions.
- CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities (GeoServer)
  <https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf>
- CVE-2023-25158 OGC Filter SQL Injection Vulnerabilities (GeoTools)
  <https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m>
Patched releases:
- GeoServer 2.22.2 (stable release)
  <https://geoserver.org/announcements/2023/02/20/geoserver-2-22-2-released.html>
- GeoServer 2.21.4 (maintenance)
  <https://geoserver.org/announcements/2023/02/20/geoserver-2-21-4-released.html>
- GeoServer 2.20.7
  <https://geoserver.org/announcements/2023/02/20/geoserver-2-20-7-released.html>
- GeoServer 2.19.7
  <https://geoserver.org/announcements/2023/02/20/geoserver-2-19-7-released.html>
- GeoServer 2.18.7
  <https://geoserver.org/announcements/2023/02/20/geoserver-2-18-7-released.html>
--
GeoServer Project Steering Committee