CVE-2024-32037

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32037
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32037.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-32037
Aliases
Published
2025-02-11T22:15:27Z
Modified
2025-05-24T03:39:44.054115Z
Summary
[none]
Details

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.

References

Affected packages

Git / github.com/geonetwork/core-geonetwork

Affected ranges

Type
GIT
Repo
https://github.com/geonetwork/core-geonetwork
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.4.0
2.4.1
2.4.3
2.6.0
2.6.1
2.6.3
2.6.4

3.*

3.0.0
3.0.0RC0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.2.0
3.2.1
3.2.2
3.4.0
3.4.1
3.4.2

4.*

4.0.0
4.0.0-alpha.1
4.0.0-alpha.2
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4

Other

start-migration