Vulnerabilities > Osgeo > Geonetwork

DATE CVE VULNERABILITY TITLE RISK
2022-09-05 CVE-2021-28398 OS Command Injection vulnerability in Osgeo Geonetwork
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure.
network
low complexity
osgeo CWE-78
7.2