juanluisrp
commented
3 years ago The GeoNetwork community takes the security of the software and all services based on the software product seriously. If you believe you have found a security vulnerability in the software or an implementation of the software, please report it to geonetwork@osgeo.org as described below. Do not publish the vulnerability in any public forums.
If you encounter a security vulnerability in GeoNetwork please take care to report in a responsible fashion:
- Keep exploit details out of mailing list and issue tracker (send details to the Project Steering Committee via geonetwork@osgeo.org)
- Be prepared to work with community members on a solution
- Keep in mind community members are volunteers and an extensive fix may require fundraising / resources
For more information see How to contribute.
Vulnerable JavaScript library /geonetwork/static/lib3d.js
How to remove the above security vulnerability from geonetwork coming after security scan of accunetix