GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability by modifying the storage via the REST Coverage Store API, uploading arbitrary file content to an arbitrary file location, which results in remote code execution.
CPE | Name | Operator | Version
---|---|---|---
geoserver | geoserver | lt | 2.23.4
geoserver | geoserver | lt | 2.24.1
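
An added example (not part of the original advisory): a Python check that classifies GeoServer version strings against the two `lt` bounds above, next to the naive "below either bound" reading that would wrongly flag 2.23.4. It assumes each bound is the fix for its own release branch (2.23.x and 2.24.x); the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases come from the advisory text above. Reading them as one fix
# per release branch (2.23.x and 2.24.x) is an assumption of this example.
FIXED = {(2, 23): (2, 23, 4), (2, 24): (2, 24, 1)}

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]([A-Za-z]\w*))?")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix is not None


def naive_match(text):
    """Flattened reading of the table: affected if below either 'lt' bound."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    return any(parsed[0] < fixed for fixed in FIXED.values())


def is_affected(text):
    """Branch-aware reading: compare only against the fix for the same branch."""
    parsed = parse_version(text)
    if parsed is None:
        return None  # unknown version string: needs manual review
    release, prerelease = parsed
    fixed = FIXED.get(release[:2])
    if fixed is None:
        # Branches older than 2.23 have no fixed release listed: affected.
        # Branches newer than 2.24 are later than both bounds: not affected.
        return release[:2] < min(FIXED)
    # A pre-release build of the fixed version is conservatively treated as affected.
    return release < fixed or (release == fixed and prerelease)


if __name__ == "__main__":
    # Constructed inventory of version strings, not taken from the page.
    for v in ["2.22.5", "2.23.3", "2.23.4", "2.24.0", "2.24.1", "2.24.1-SNAPSHOT"]:
        print(f"{v:16} naive={naive_match(v)!s:5} branch_aware={is_affected(v)}")
```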