VDB
GHSA-826p-4gcg-35vw
GHSA-826p-4gcg-35vw
PUBLISHED
CVSS 9.899999618530273 CRITICAL
GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling
Risk Scores
CVSS v3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.geotools:gt-xsd-core | |
| Maven | org.geotools:gt-wfs-ng | 29.0, 0, 29.0 |
| Maven | org.geotools:gt-xsd-core | 32.0, 29.0, 0 |
Timeline
- Jun 9, 2025 CVE Published
References
- https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc url
- https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc url
- https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw url
- https://github.com/geotools/geotools package
- GitHub Advisory GHSA-826p-4gcg-35vw vendor-advisory