CVE-2026-42352

Sažetak

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.

Reference

https://github.com/geopython/pygeoapi/commit/3a63f5b0cc6275e3ae0edb47726b13a43cdd90ef
https://github.com/geopython/pygeoapi/releases/tag/0.23.3
https://github.com/geopython/pygeoapi/security/advisories/GHSA-jgvc-94c8-3chc

CVSS

Base:	8.6
Impact:	4.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Zadnje važnije ažuriranje

08-05-2026 - 23:16

Objavljeno

08-05-2026 - 23:16