Open Source Geospatial Foundation (OSGeo) GeoNetwork 4.0.0 Alpha 1
Approved changes feed: RSS · Atom
cpe:2.3:a:osgeo:geonetwork:4.0.0:alpha1:*:*:*:*:*:*
part: a version: 4.0.0 update: alpha1
| Vendor | Osgeo (706646bf-cac0-5b16-9ff6-83d28fd0444b) |
|---|---|
| Product | Geonetwork (37753974-c015-573e-ae24-5ab1c282ea2a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/geonetwork |
purl2cpe | 2026-06-01 10:12:16.140796 |
pkg:github/geonetwork/core-geonetwork |
purl2cpe | 2026-06-01 10:12:16.140797 |
pkg:sourceforge/geonetwork |
purl2cpe | 2026-06-01 10:12:16.140799 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-28398 |
vulnerable | 2026-06-08 05:31:24.166138 |
Details available
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
Published: 2022-09-05T16:09:29.000Z
Updated: 2024-08-03T21:40:14.221Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.