Lucene search
K
GeotoolsGeotools

4 matches found

CVE
CVE
•added 2024/07/01 3:25 p.m.•410 views

CVE-2024-36401

GeoServer (open source geospatial server) is affected by CVE-2024-36401, stemming from GeoTools’ unsafe evaluation of property/attribute names as XPath expressions. This leads to Remote Code Execution (RCE) when unauthenticated users craft input that triggers the evaluation path. Impact applies t...

9.8CVSS9.8AI score0.99813EPSS
In wildWeb
CVE
CVE
•added 2025/06/10 3:16 p.m.•235 views

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

9.9CVSS9.3AI score0.50825EPSS
In wild
CVE
CVE
•added 2023/02/21 8:57 p.m.•102 views

CVE-2023-25158

CVE-2023-25158 (GeoTools) is a SQL injection vulnerability affecting the OGC Filter handling when used with JDBCDataStore implementations. The issue arises from unsafe SQL construction in filters such as PropertyIsLike, strEndsWith, strStartsWith, FeatureId, jsonArrayContains, and DWithin, leadin...

9.8CVSS10AI score0.01072EPSS
CVE
CVE
•added 2022/04/13 8:55 p.m.•98 views

CVE-2022-24818

CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...

8.2CVSS7.5AI score0.02257EPSS