
Summary

The coverage store REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows uploading a file from a caller-supplied URL (when {method} is 'url') with no restriction on that URL.

Details

The coverage store REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows uploading a file from a caller-supplied URL (when {method} is 'url'). That URL is never validated against the URL Checks feature, so the server fetches whatever location the client names. The fix is to validate the URL before it is fetched, for example by calling URLCheckers.confirm(fileURL) on the supplied URL.

The vulnerable code is in RESTUtils.java.

Impact

This vulnerability presents the opportunity for Server Side Request Forgery (SSRF): the GeoServer host can be made to issue requests to URLs chosen by the client, including internal addresses that the server can reach but the client cannot.

References

https://osgeo-org.atlassian.net/browse/GEOS-11468
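The following is an added example written for this page; it is not GeoServer code and does not reproduce the real URLCheckers class or RESTUtils.java. It shows the shape of the check the advisory says is missing: a deny-by-default, regex allow-list confirmation of the client-supplied fileURL, applied before the server downloads anything for the 'url' upload method. The class and method names (CoverageUrlCheckExample, RegexUrlCheck, resolveUploadSource), the sample policy and the sample URLs are all constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Added example, not GeoServer code: a deny-by-default allow-list check of the kind the
 * advisory says the 'url' upload method never applied. GeoServer's real URL Checks sit
 * behind URLCheckers.confirm(...); every class, method and pattern here is a hypothetical
 * stand-in written for illustration.
 */
public final class CoverageUrlCheckExample {

    /** Raised when no enabled check confirms the location: the URL must not be fetched. */
    public static final class UrlCheckException extends Exception {
        public UrlCheckException(String message) {
            super(message);
        }
    }

    /** One allow-list entry: the entry must be enabled and the full URL must match its regex. */
    public static final class RegexUrlCheck {
        private final String name;
        private final Pattern pattern;
        private final boolean enabled;

        public RegexUrlCheck(String name, String regex, boolean enabled) {
            this.name = name;
            this.pattern = Pattern.compile(regex);
            this.enabled = enabled;
        }

        public boolean confirm(String location) {
            return enabled && pattern.matcher(location).matches();
        }

        public String getName() {
            return name;
        }
    }

    private final List<RegexUrlCheck> checks;

    public CoverageUrlCheckExample(List<RegexUrlCheck> checks) {
        this.checks = checks;
    }

    /**
     * The check the advisory asks for, applied before the server touches the network:
     * the location must be an absolute URL and at least one enabled entry must confirm it.
     * With no enabled entries every location is rejected (deny by default).
     */
    public void confirm(String location) throws UrlCheckException {
        URI uri;
        try {
            uri = new URI(location);
        } catch (URISyntaxException e) {
            throw new UrlCheckException("malformed URL: " + location);
        }
        if (!uri.isAbsolute()) {
            throw new UrlCheckException("relative location not allowed: " + location);
        }
        for (RegexUrlCheck check : checks) {
            if (check.confirm(location)) {
                return; // confirmed by the entry named check.getName()
            }
        }
        throw new UrlCheckException("no enabled URL check confirms " + location);
    }

    /**
     * Hypothetical stand-in for the 'url' method handling of the coverage store endpoint:
     * validate the client-supplied fileURL first, and only then hand back the location the
     * server would download from. The vulnerable code skipped the confirm step entirely.
     */
    public URI resolveUploadSource(String method, String fileURL) throws UrlCheckException {
        if (!"url".equals(method)) {
            throw new IllegalArgumentException("only the 'url' method is modelled here: " + method);
        }
        confirm(fileURL); // the missing URLCheckers.confirm(fileURL) call from the advisory
        return URI.create(fileURL);
    }

    public static void main(String[] args) {
        // Constructed sample policy: HTTPS GeoTIFF downloads from one trusted data host only.
        CoverageUrlCheckExample checker = new CoverageUrlCheckExample(List.of(
                new RegexUrlCheck("trusted-data-host", "^https://data\\.example\\.org/.*\\.tiff?$", true),
                new RegexUrlCheck("any-http-disabled", "^http://.*", false)));

        // Constructed sample inputs: one legitimate source and three typical SSRF targets.
        String[] samples = {
                "https://data.example.org/dem/srtm.tif",
                "http://169.254.169.254/latest/meta-data/",
                "file:///etc/passwd",
                "http://localhost:8080/geoserver/rest/"
        };
        for (String fileURL : samples) {
            try {
                System.out.println("ALLOW " + checker.resolveUploadSource("url", fileURL));
            } catch (UrlCheckException e) {
                System.out.println("DENY  " + fileURL + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Compile and run with javac and java (Java 9 or later for List.of). Only the first sample is allowed; the loopback, link-local metadata and file: locations are all rejected, and the disabled http entry contributes nothing, which is the deny-by-default behaviour a URL check in front of a server-side fetch needs.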