Vulnerability Details CVE-2023-25158
GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/geotools/geotools/commit/64fb4c47f43ca818c2fe96a94651bff1b3b3ed2b
- https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m
- https://github.com/geotools/geotools/commit/64fb4c47f43ca818c2fe96a94651bff1b3b3ed2b
- https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m
Products affected by CVE-2023-25158
-
cpe:2.3:a:geotools:geotools:10
-
cpe:2.3:a:geotools:geotools:10.0
-
cpe:2.3:a:geotools:geotools:10.1
-
cpe:2.3:a:geotools:geotools:10.2
-
cpe:2.3:a:geotools:geotools:10.3
-
cpe:2.3:a:geotools:geotools:10.4
-
cpe:2.3:a:geotools:geotools:10.5
-
cpe:2.3:a:geotools:geotools:10.6
-
cpe:2.3:a:geotools:geotools:10.7
-
cpe:2.3:a:geotools:geotools:10.8
-
cpe:2.3:a:geotools:geotools:11
-
cpe:2.3:a:geotools:geotools:11.0
-
cpe:2.3:a:geotools:geotools:11.1
-
cpe:2.3:a:geotools:geotools:11.2
-
cpe:2.3:a:geotools:geotools:11.3
-
cpe:2.3:a:geotools:geotools:11.4
-
cpe:2.3:a:geotools:geotools:11.5
-
cpe:2.3:a:geotools:geotools:12
-
cpe:2.3:a:geotools:geotools:12.0
-
cpe:2.3:a:geotools:geotools:12.0.1
-
cpe:2.3:a:geotools:geotools:12.1
-
cpe:2.3:a:geotools:geotools:12.2
-
cpe:2.3:a:geotools:geotools:12.3
-
cpe:2.3:a:geotools:geotools:12.4
-
cpe:2.3:a:geotools:geotools:12.5
-
cpe:2.3:a:geotools:geotools:13
-
cpe:2.3:a:geotools:geotools:13.0
-
cpe:2.3:a:geotools:geotools:13.1
-
cpe:2.3:a:geotools:geotools:13.2
-
cpe:2.3:a:geotools:geotools:13.3
-
cpe:2.3:a:geotools:geotools:13.4
-
cpe:2.3:a:geotools:geotools:13.5
-
cpe:2.3:a:geotools:geotools:13.6
-
cpe:2.3:a:geotools:geotools:14
-
cpe:2.3:a:geotools:geotools:14.0
-
cpe:2.3:a:geotools:geotools:14.1
-
cpe:2.3:a:geotools:geotools:14.2
-
cpe:2.3:a:geotools:geotools:14.3
-
cpe:2.3:a:geotools:geotools:14.4
-
cpe:2.3:a:geotools:geotools:14.5
-
cpe:2.3:a:geotools:geotools:15
-
cpe:2.3:a:geotools:geotools:15.0
-
cpe:2.3:a:geotools:geotools:15.1
-
cpe:2.3:a:geotools:geotools:15.2
-
cpe:2.3:a:geotools:geotools:15.3
-
cpe:2.3:a:geotools:geotools:15.4
-
cpe:2.3:a:geotools:geotools:16
-
cpe:2.3:a:geotools:geotools:16.0
-
cpe:2.3:a:geotools:geotools:16.1
-
cpe:2.3:a:geotools:geotools:16.2
-
cpe:2.3:a:geotools:geotools:16.3
-
cpe:2.3:a:geotools:geotools:16.4
-
cpe:2.3:a:geotools:geotools:16.5
-
cpe:2.3:a:geotools:geotools:17
-
cpe:2.3:a:geotools:geotools:17.0
-
cpe:2.3:a:geotools:geotools:17.1
-
cpe:2.3:a:geotools:geotools:17.2
-
cpe:2.3:a:geotools:geotools:17.3
-
cpe:2.3:a:geotools:geotools:17.4
-
cpe:2.3:a:geotools:geotools:17.5
-
cpe:2.3:a:geotools:geotools:18
-
cpe:2.3:a:geotools:geotools:18.0
-
cpe:2.3:a:geotools:geotools:18.1
-
cpe:2.3:a:geotools:geotools:18.2
-
cpe:2.3:a:geotools:geotools:18.3
-
cpe:2.3:a:geotools:geotools:18.4
-
cpe:2.3:a:geotools:geotools:18.5
-
cpe:2.3:a:geotools:geotools:19
-
cpe:2.3:a:geotools:geotools:19.0
-
cpe:2.3:a:geotools:geotools:19.1
-
cpe:2.3:a:geotools:geotools:19.2
-
cpe:2.3:a:geotools:geotools:19.3
-
cpe:2.3:a:geotools:geotools:19.4
-
cpe:2.3:a:geotools:geotools:2.2.0
-
cpe:2.3:a:geotools:geotools:2.2.1
-
cpe:2.3:a:geotools:geotools:2.2.2
-
cpe:2.3:a:geotools:geotools:2.3.0
-
cpe:2.3:a:geotools:geotools:2.3.1
-
cpe:2.3:a:geotools:geotools:2.3.2
-
cpe:2.3:a:geotools:geotools:2.3.3
-
cpe:2.3:a:geotools:geotools:2.3.4
-
cpe:2.3:a:geotools:geotools:2.3.5
-
cpe:2.3:a:geotools:geotools:2.4.0
-
cpe:2.3:a:geotools:geotools:2.4.1
-
cpe:2.3:a:geotools:geotools:2.4.2
-
cpe:2.3:a:geotools:geotools:2.4.3
-
cpe:2.3:a:geotools:geotools:2.4.4
-
cpe:2.3:a:geotools:geotools:2.4.5
-
cpe:2.3:a:geotools:geotools:2.5.0
-
cpe:2.3:a:geotools:geotools:2.5.1
-
cpe:2.3:a:geotools:geotools:2.5.2
-
cpe:2.3:a:geotools:geotools:2.5.3
-
cpe:2.3:a:geotools:geotools:2.5.4
-
cpe:2.3:a:geotools:geotools:2.5.5
-
cpe:2.3:a:geotools:geotools:2.5.6
-
cpe:2.3:a:geotools:geotools:2.5.7
-
cpe:2.3:a:geotools:geotools:2.5.8
-
cpe:2.3:a:geotools:geotools:2.6
-
cpe:2.3:a:geotools:geotools:2.6.0
-
cpe:2.3:a:geotools:geotools:2.6.1
-
cpe:2.3:a:geotools:geotools:2.6.2
-
cpe:2.3:a:geotools:geotools:2.6.3
-
cpe:2.3:a:geotools:geotools:2.6.4
-
cpe:2.3:a:geotools:geotools:2.6.5
-
cpe:2.3:a:geotools:geotools:2.6.6
-
cpe:2.3:a:geotools:geotools:2.7
-
cpe:2.3:a:geotools:geotools:2.7.0
-
cpe:2.3:a:geotools:geotools:2.7.0.1
-
cpe:2.3:a:geotools:geotools:2.7.1
-
cpe:2.3:a:geotools:geotools:2.7.2
-
cpe:2.3:a:geotools:geotools:2.7.3
-
cpe:2.3:a:geotools:geotools:2.7.4
-
cpe:2.3:a:geotools:geotools:2.7.5
-
cpe:2.3:a:geotools:geotools:20
-
cpe:2.3:a:geotools:geotools:20.0
-
cpe:2.3:a:geotools:geotools:20.1
-
cpe:2.3:a:geotools:geotools:20.2
-
cpe:2.3:a:geotools:geotools:20.3
-
cpe:2.3:a:geotools:geotools:20.4
-
cpe:2.3:a:geotools:geotools:20.5
-
cpe:2.3:a:geotools:geotools:21
-
cpe:2.3:a:geotools:geotools:21.0
-
cpe:2.3:a:geotools:geotools:21.1
-
cpe:2.3:a:geotools:geotools:21.2
-
cpe:2.3:a:geotools:geotools:21.3
-
cpe:2.3:a:geotools:geotools:21.4
-
cpe:2.3:a:geotools:geotools:21.5
-
cpe:2.3:a:geotools:geotools:22
-
cpe:2.3:a:geotools:geotools:22.0
-
cpe:2.3:a:geotools:geotools:22.1
-
cpe:2.3:a:geotools:geotools:22.2
-
cpe:2.3:a:geotools:geotools:22.3
-
cpe:2.3:a:geotools:geotools:22.4
-
cpe:2.3:a:geotools:geotools:22.5
-
cpe:2.3:a:geotools:geotools:23
-
cpe:2.3:a:geotools:geotools:23.0
-
cpe:2.3:a:geotools:geotools:23.1
-
cpe:2.3:a:geotools:geotools:23.2
-
cpe:2.3:a:geotools:geotools:23.3
-
cpe:2.3:a:geotools:geotools:23.4
-
cpe:2.3:a:geotools:geotools:23.5
-
cpe:2.3:a:geotools:geotools:24
-
cpe:2.3:a:geotools:geotools:24.0
-
cpe:2.3:a:geotools:geotools:24.1
-
cpe:2.3:a:geotools:geotools:24.2
-
cpe:2.3:a:geotools:geotools:24.3
-
cpe:2.3:a:geotools:geotools:24.4
-
cpe:2.3:a:geotools:geotools:24.5
-
cpe:2.3:a:geotools:geotools:24.6
-
cpe:2.3:a:geotools:geotools:25.0
-
cpe:2.3:a:geotools:geotools:25.1
-
cpe:2.3:a:geotools:geotools:25.2
-
cpe:2.3:a:geotools:geotools:25.3
-
cpe:2.3:a:geotools:geotools:25.4
-
cpe:2.3:a:geotools:geotools:25.5
-
cpe:2.3:a:geotools:geotools:25.6
-
cpe:2.3:a:geotools:geotools:26.0
-
cpe:2.3:a:geotools:geotools:26.1
-
cpe:2.3:a:geotools:geotools:26.2
-
cpe:2.3:a:geotools:geotools:26.3
-
cpe:2.3:a:geotools:geotools:26.4
-
cpe:2.3:a:geotools:geotools:26.5
-
cpe:2.3:a:geotools:geotools:26.6
-
cpe:2.3:a:geotools:geotools:27.0
-
cpe:2.3:a:geotools:geotools:27.1
-
cpe:2.3:a:geotools:geotools:27.2
-
cpe:2.3:a:geotools:geotools:27.3
-
cpe:2.3:a:geotools:geotools:28.0
-
cpe:2.3:a:geotools:geotools:28.1
-
cpe:2.3:a:geotools:geotools:8.0
-
cpe:2.3:a:geotools:geotools:8.1
-
cpe:2.3:a:geotools:geotools:8.2
-
cpe:2.3:a:geotools:geotools:8.3
-
cpe:2.3:a:geotools:geotools:8.4
-
cpe:2.3:a:geotools:geotools:8.5
-
cpe:2.3:a:geotools:geotools:8.6
-
cpe:2.3:a:geotools:geotools:8.7
-
cpe:2.3:a:geotools:geotools:9.0
-
cpe:2.3:a:geotools:geotools:9.1
-
cpe:2.3:a:geotools:geotools:9.2
-
cpe:2.3:a:geotools:geotools:9.3
-
cpe:2.3:a:geotools:geotools:9.4
-
cpe:2.3:a:geotools:geotools:9.5