Zoran Kokeza

1 exploit Active since Feb 2026
CVE-2026-27818 WRITEUP HIGH WRITEUP
TerriaJS-Server < 4.0.3 - Server-Side Request Forgery via Proxy Domain Validation Bypass
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the `proxyableDomains` configuration. Version 4.0.3 fixes the issue.
CVSS 7.5