Fw: [OSGeo-Discuss] GeoServer OGC Filter SQL Injection Vulnerabilities (CVE-2023-25158)


신상희(Sanghee Shin)

Feb 21, 2023, 8:17:25 PM
to osge...@googlegroups.com
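Hello,

Security vulnerabilities of the SQL injection family were recently discovered in GeoTools and GeoServer. The GeoServer developer community has published a technical document on how to respond to and patch them. Please refer to it.

Thank you.
Sanghee Shin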
---
Shin, Sanghee
Gaia3D, Inc. - The GeoSpatial Company
www.gaia3d.com


------ Forwarded Message ------
From "Jody Garnett via Discuss" <dis...@lists.osgeo.org>
To "OSGeo Discussions" <dis...@lists.osgeo.org>
Date 2023-02-22 6:19:54 AM
Subject [OSGeo-Discuss] GeoServer OGC Filter SQL Injection Vulnerabilities (CVE-2023-25158)

The GeoServer team has released a statement: OGC Filter Injection Vulnerability Statement

A vulnerability has been located in the GeoTools Library that allows SQL Injection using OGC Filter and Function expressions.

Patched releases:

--
GeoServer Project Steering Committee