Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

Published: Oct 25, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-43795
GHSA: GHSA-5pr3-m5hm-9956
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
org.geoserver.extension / gs-wps-core	-	2.22.5
org.geoserver.extension / gs-wps-core	2.23.0	2.23.2
osgeo / geoserver	2.23.0	2.23.2
osgeo / geoserver	-	2.22.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo