
9 matches found

OSV
added 2025/06/10 7:44 p.m., 3 views

GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process

Summary: Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details: The Jiffle language supports multiple loop constructs that will cause its code block...

7.5 CVSS, 7.1 AI score, 0.0017 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2025/06/10 7:44 p.m., 7 views

GeoServer Infinite Loop Vulnerability in Jiffle process

Summary: Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details: The Jiffle language supports multiple loop constructs that will cause its code block...

7.5 CVSS, 7.5 AI score, 0.0017 EPSS
Exploits: 0, References: 5, Affected Software: 3
NVD
added 2025/06/10 3:15 p.m., 5 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

7.5 CVSS, 0.0017 EPSS
Exploits: 0, References: 3
CVE
added 2025/06/10 2:58 p.m., 44 views

CVE-2025-30145

CVE-2025-30145 affects GeoServer; malicious Jiffle scripts can enter an infinite loop when used in WMS dynamic styling or a WPS process, enabling denial of service. Affected behavior is described as rendering transformations or WPS processes that may loop indefinitely. The issue is fixed in GeoSe...

7.5 CVSS, 7.3 AI score, 0.0017 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/06/10 2:58 p.m., 3 views

CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

7.5 CVSS, 6.5 AI score, 0.0017 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2025/06/10 12:0 a.m., 2 views

PT-2025-24672 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.7; GeoServer versions prior to 2.26.3; GeoServer versions prior to 2.27.0. Description: The issue allows malicious Jiffle scripts to be executed, potentially triggering a denial of service through an infinite loo...

7.5 CVSS, 6.3 AI score, 0.0017 EPSS
Exploits: 0, References: 9
VulnCheck KEV
added 2024/01/22 12:0 a.m., 2 views

VulnCheck KEV: CVE-2022-24816

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...

10 CVSS, 7.5 AI score, 0.9402 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2022/04/13 12:0 a.m., 3 views

PT-2022-16896 · Jai-Ext +2 · Jai-Ext +2

Name of the Vulnerable Software and Affected Versions: JAI-EXT versions prior to 1.2.22; GeoServer affected versions not specified. Description: Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via...

10 CVSS, 9.9 AI score, 0.9402 EPSS
Exploits: 1, References: 13
CNNVD
added 2022/04/13 12:0 a.m., 1 views

JAI-EXT Code Injection Vulnerability

JAI-EXT is an API capable of processing images in a multi-threaded environment. A code injection vulnerability exists in JAI-EXT that allows an attacker to request a program that provides Jiffle scripts over the network and cause remote code execution...

10 CVSS, 8.8 AI score, 0.9402 EPSS
Exploits: 1, References: 3