10 matches found
CVE-2022-24816
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...
Exploit for Code Injection in Geosolutionsgroup Jai-Ext
Uso del script CVE-2022-24816 Requisitos previos 1. Clo...
GeoServer Jai-EXT RCE (CVE-2022-24816)
Binary data geoserverjaiextCVE-2022-24816.nbin...
VulnCheck KEV: CVE-2022-24816
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...
GHSA-59X6-G4JR-4HXC GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...
GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...
CVE-2022-24816
creationtimestamp| type| source ---|---|--- 2022-04-14 00:18:15+00:00| seen| https://t.me/cibsecurity/40743 2024-06-26 18:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-11-08 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-08 2024-11-13...
CVE-2022-24816 Improper Control of Generation of Code in jai-ext
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...
CVE-2022-24816 Improper Control of Generation of Code in jai-ext
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...
CVE-2022-24816
CVE-2022-24816 (JAI-EXT/Jai-EXT) affects GeoServer ecosystems where JAI-EXT allows a Jiffle script to be supplied over a network and then compiled to Java code via Janino, enabling Remote Code Execution. The GeoServer downstream is specifically noted. The known remediation is that version 1.2.22 ...