Home > Vulnerability Database > CVE-2023-25158

Mend.io Vulnerability Database

CVE-2023-25158

Date: February 21, 2023

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.

Language: Java

Severity Score

9.8

Related Resources (4)

Url: https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25158

Url: https://github.com/geotools/geotools/commit/64fb4c47f43ca818c2fe96a94651bff1b3b3ed2b

Url: https://www.mend.io/vulnerability-database/CVE-2023-25158

Severity Score

9.8

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25158

Date: February 21, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?