Skip to content

PartialBufferOutputStream2 flush issues

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jul 10, 2024
Withdrawn This advisory was withdrawn on Jul 10, 2024

Package

maven org.geoserver.web:gs-web-app (Maven)

Affected versions

< 1.6.1

Patched versions

1.6.1
maven org.geoserver:gs-main (Maven)
< 1.6.1
1.6.1

Description

Withdrawn

This advisory has been withdrawn as there the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see.

Original Advisory

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

References

Published by the National Vulnerability Database Sep 14, 2009
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jul 9, 2024
Last updated Jul 10, 2024
Withdrawn Jul 10, 2024

Severity

Moderate

EPSS score

0.154%
(53rd percentile)

Weaknesses

CVE ID

CVE-2008-7227

GHSA ID

GHSA-8hmh-mhqv-7638

Source code

No known source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.