[GeoNode-devel] Fixing JSONP enabled by default in MappingJackson2JsonView

Alessio Fabiani alessio.fabiani at geo-solutions.it
Mon Aug 12 06:49:56 PDT 2019


Hello Naresh,
thanks for the feedback. Let me double check and try to fix it accordingly.
Will send you updates as soon as possible. Regards.

On Wed, 7 Aug 2019 at 11:38, Naresh N <naresh919 at gmail.com> wrote:

> Dear All,
>
> We have used GeoNode for development of our portal SUVIDHA. As a part
> of a security check we scanned our SUVIDHA portal for vulnerabilities; it is
> showing the following security alert:
>
> *JSONP enabled by default in MappingJackson2JsonView*
>
> *Reported request header is as follows*
>
>   GET /api/profiles/?callback=kdeltofpmt&jsonp=kdeltofpmt&cb=kdeltofpmt&json=kdeltofpmt HTTP/1.1
>   Cookie: csrftoken=NuHnIHPRdzkH6pyi1XmrWpx6Z0v60gsW
>   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>   Accept-Encoding: gzip,deflate
>   Host: 172.26.3.222
>   User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
>   Connection: Keep-alive
>
> How do I fix the above?
>
> *The recommended fix is mentioned in the following link*
>
> https://www.acunetix.com/vulnerabilities/web/jsonp-enabled-by-default-in-mappingjackson2jsonview/
>
>
> Please help me find this module in GeoNode and tell me how to fix it.
>
> Please do the needful.
>
> Thanks & Regards,
> Naresh.N
>


-- 

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it