3 matches found
CVE-2023-35042
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version...
CVE-2023-35042
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version...
CVE-2023-35042
GeoServer 2.x is affected by a remote code execution vulnerability where an attacker can exploit java.lang.Runtime.getRuntime().exec in wps:LiteralData inside a wps:Execute request, as observed in the wild in June 2023. Multiple sources describe this issue and its impact as arbitrary code executi...