Vulnerability fixed in GeoServer
The developers of GeoServer have fixed a vulnerability. Proof-of-concept (PoC) code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...
PT-2022-5014 · Apache · Apache Commons JXPath
Name of the Vulnerable Software and Affected Versions:
Apache Commons JXPath (affected versions not specified)
GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.2
hermes-management versions prior to 2.2.9
Description: The issue is related to the application of external input for class selection ...