Product

Pygeoapi (0.23.0 - 0.23.2)

1 brief RSS

pygeoapi Unauthenticated SSRF Vulnerability in OGC API - Processes Subscriber

pygeoapi versions 0.23.0 to 0.23.2 contain an unauthenticated server-side request forgery (SSRF) vulnerability where OGC API process execution requests can use the subscriber object to make requests to internal HTTP services, which is resolved in version 0.23.3 by disabling internal requests by default.

pygeoapi ssrf ogc api cve-2026-42352 vulnerability cloud

2r 1t Jan 3, 2024