CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

The vulnerability of the JXPath object query processing library, related to writing beyond buffer boundaries, allows attackers to trigger a service failure.

The vulnerability of the JXPath object processing library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

Exploit for CVE-2022-41852

Remote Code Execution in JXPath Library CVE-2022-41852 Proof...

PT-2022-7240 · Jxpath · Jxpath

Name of the Vulnerable Software and Affected Versions: JXPath affected versions not specified Description: The issue is related to a buffer overflow in memory, which could allow a remote attacker to cause a denial of service. The problem may occur when the JXPath library is used to interpret XPat...

PT-2022-7239 · Jxpath · Jxpath

Name of the Vulnerable Software and Affected Versions: JXPath affected versions not specified Description: The issue is related to a buffer overflow in the JXPath library, which can be exploited by a remote attacker to cause a denial of service. If the parser is running on user-supplied input, an...