
5 matches found

Tenable Nessus
added 2024/08/02 12:0 a.m., 63 views

OSGeo GeoServer RCE (CVE-2024-36401)

The version of OSGeo GeoServer installed on the remote host is affected by a remote code execution vulnerability, as follows: - Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to...

CVSS 9.8, AI score 9.4, EPSS 0.94425
Exploits: 24, References: 2
BDU FSTEC
added 2024/07/04 12:0 a.m., 2 views

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...

CVSS 10, AI score 8.3, EPSS 0.94425
Exploits: 25, References: 7, Affected Software: 2
Github Security Blog
added 2024/07/01 8:34 p.m., 123 views

Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls evaluates...

CVSS 9.8, AI score 9.8, EPSS 0.94425
Exploits: 24, References: 9, Affected Software: 3
Vulnrichment
added 2024/07/01 3:25 p.m., 78 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8, AI score 9.8, EPSS 0.94425
Exploits: 24, References: 5
ATTACKERKB
added 2024/07/01 12:0 a.m., 148 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8, AI score 8.6, EPSS 0.94425
In wild, Exploits: 25, References: 6