SAINT Corporation SAINT:4D43F3E7BABB4800CE51B8AFE4397DD8
Jun 27, 2024 - 12:00 a.m.

GeoServer JAI-EXT extension command injection

download.saintcorporation.com
geoserver
jai-ext
vulnerability
command injection
upgrade
resolution
remote attacker
image processing
api
jiffle
geoserver security

AI Score: 8 High

Confidence: High

Added: 06/27/2024

Background

GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API that provides a set of high-level objects for image processing. JAI-EXT is an open source project that extends the JAI API. Jiffle is a map algebra language provided by JAI-EXT.

Problem

A vulnerability in the handling of Jiffle requests by JAI-EXT could allow a remote attacker to execute arbitrary commands on the GeoServer.

Resolution

Upgrade to version 1.2.22 or higher, or remove the janino-x.x.x.jar file.
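
To check a deployment against this resolution, the following added example (not part of the SAINT advisory or of GeoServer) scans a library directory for Jiffle jars older than 1.2.22 and for any janino jar. It assumes the version in the resolution refers to the JAI-EXT Jiffle jars and that they are named `jt-jiffle*-<version>.jar`; the function names and sample file names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 2, 22)  # fixed version given in the Resolution section
# Assumption: JAI-EXT Jiffle jars are named jt-jiffle*-<major>.<minor>.<patch>.jar
JIFFLE_RE = re.compile(r"^jt-jiffle.*?-(\d+)\.(\d+)\.(\d+)\.jar$")
# Matches the janino-x.x.x.jar pattern named in the Resolution section
JANINO_RE = re.compile(r"^janino-\d+(\.\d+)*\.jar$")


def audit_lib_dir(lib_dir):
    """Return (outdated_jiffle_jars, janino_jars) found under lib_dir."""
    outdated, janino = [], []
    for jar in sorted(Path(lib_dir).rglob("*.jar")):
        m = JIFFLE_RE.match(jar.name)
        if m:
            # Compare numerically so that 1.2.9 sorts below 1.2.22
            if tuple(int(g) for g in m.groups()) < FIXED:
                outdated.append(jar.name)
        elif JANINO_RE.match(jar.name):
            janino.append(jar.name)
    return outdated, janino


def is_exposed(lib_dir):
    """Either fix suffices, so flag only when an outdated Jiffle jar
    and a janino jar are both still present."""
    outdated, janino = audit_lib_dir(lib_dir)
    return bool(outdated) and bool(janino)


if __name__ == "__main__":
    # Usage: python audit_jiffle.py /path/to/geoserver/WEB-INF/lib
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    old, jan = audit_lib_dir(target)
    print("Jiffle jars below 1.2.22:", old or "none")
    print("janino jars present:", jan or "none")
    print("Needs remediation:", is_exposed(target))
    sys.exit(1 if is_exposed(target) else 0)
```

Jars whose version string is not a plain three-part number (for example a snapshot build) are not matched and need a manual check.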

References

<https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx>
