4 matches found
CVE-2024-36401
GeoServer (open source geospatial server) is affected by CVE-2024-36401, stemming from GeoTools’ unsafe evaluation of property/attribute names as XPath expressions. This leads to Remote Code Execution (RCE) when unauthenticated users craft input that triggers the evaluation path. Impact applies t...
CVE-2025-30220
Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...
CVE-2023-25158
CVE-2023-25158 (GeoTools) is a SQL injection vulnerability affecting the OGC Filter handling when used with JDBCDataStore implementations. The issue arises from unsafe SQL construction in filters such as PropertyIsLike, strEndsWith, strStartsWith, FeatureId, jsonArrayContains, and DWithin, leadin...
CVE-2022-24818
CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...