
71 matches found

RedhatCVE
added 2025/02/05 9:54 p.m., 9 views

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

CVSS 8.2, AI score 7.5, EPSS 0.02257
Exploits 0, References 1
Github Security Blog
added 2025/02/05 3:32 p.m., 22 views

GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

Summary: Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Details: The following methods pass XPath expressions to the commons-jxpath library which can execute arbitrary code and would be a security iss...

CVSS 9.8, AI score 7.9, EPSS 0.74908
Exploits 1, References 18, Affected Software 3
OSV
added 2025/02/05 3:32 p.m., 17 views

GHSA-W3PJ-WH35-FQ8W GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

Summary: Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Details: The following methods pass XPath expressions to the commons-jxpath library which can execute arbitrary code and would be a security iss...

CVSS 9.8, AI score 9.8, EPSS 0.99813
Exploits 26, References 18
RedhatCVE
added 2025/02/05 4:49 a.m., 15 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, AI score 7.5, EPSS 0.74908
Exploits 0, References 1
GithubExploit
added 2024/11/22 2:21 p.m., 347 views

Exploit for Code Injection in Geoserver

CVE-2024-36401-poc CVE-2024-36401 is a high-risk remote code...

CVSS 9.8, AI score 8, EPSS 0.99813
Exploits 25
Tenable Nessus
added 2024/08/12 12:0 a.m., 6 views

OSGeo GeoTools Installed (Windows)

Binary data osgeogeotoolswininstalled.nbin...

AI score 7.3
Exploits 0, References 1
Tenable Nessus
added 2024/08/02 12:0 a.m., 34 views

OSGeo GeoTools RCE (CVE-2024-36404)

The version of OSGeo GeoTools installed on the remote host is affected by a remote code execution vulnerability, as follows: - Remote Code Execution is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Note that Nessus has not...

CVSS 9.8, AI score 7, EPSS 0.74908
Exploits 0, References 2
Tenable Nessus
added 2024/08/02 12:0 a.m., 64 views

OSGeo GeoServer RCE (CVE-2024-36401)

The version of OSGeo GeoServer installed on the remote host is affected by a remote code execution vulnerability, as follows: - Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to...

CVSS 9.8, AI score 9.4, EPSS 0.99813
Exploits 25, References 2
Tenable Nessus
added 2024/07/26 12:0 a.m., 8 views

OSGeo GeoTools Installed (Linux / Unix)

Binary data osgeogeotoolsnixinstalled.nbin...

AI score 7.3
Exploits 0, References 1
The Hacker News
added 2024/07/16 4:1 a.m., 59 views

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...

CVSS 9.8, AI score 9.7, EPSS 0.99813
Exploits 31
CISA KEV Catalog
added 2024/07/15 12:0 a.m., 44 views

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

CVSS 9.8, AI score 8.2, EPSS 0.99813
In wild, Exploits 25
GithubExploit
added 2024/07/12 7:1 a.m., 373 views

Exploit for Code Injection in Geoserver

RCE vulnerability in GeoServer CVE-2024-36401 - detection sc...

CVSS 9.8, AI score 10, EPSS 0.99813
Exploits 25
GithubExploit
added 2024/07/06 1:10 a.m., 260 views

Exploit for Code Injection in Geoserver

CVE-2024-36401 Remote Code Execution (RCE) Vulnerability In...

CVSS 9.8, AI score 9.9, EPSS 0.99813
Exploits 25
BDU FSTEC
added 2024/07/04 12:0 a.m., 7 views

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...

CVSS 10, AI score 8.3, EPSS 0.99813
Exploits 25, References 7, Affected Software 2
VulnCheck KEV
added 2024/07/03 12:0 a.m., 4 views

VulnCheck KEV: CVE-2024-36401

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

CVSS 9.8, AI score 7.7, EPSS 0.99813
Exploits 25, References 1
NVD
added 2024/07/02 2:15 p.m., 34 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, EPSS 0.74908
Exploits 0, References 16
CVE
added 2024/07/02 1:39 p.m., 110 views

CVE-2024-36404

GeoTools CVE-2024-36404: RCE in evaluating user-supplied XPath expressions affects prior releases; fixes are in 31.2, 30.4, and 29.6. Workarounds include running with reduced functionality by removing the gt-complex jar, which may break application schema queries. A drop-in replacement jar is ava...

CVSS 9.8, AI score 9.7, EPSS 0.74908
Exploits 0, References 16
Cvelist
added 2024/07/02 1:39 p.m., 48 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, EPSS 0.74908
Exploits 0, References 16
OSV
added 2024/07/02 1:39 p.m., 39 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, AI score 7, EPSS 0.74908
Exploits 1, References 18
Vulnrichment
added 2024/07/02 1:39 p.m., 30 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, AI score 7.5, EPSS 0.74908
Exploits 0, References 16