COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-36401

CVE-2024-36401

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-07-15
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-36401
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted inpu

Players implicated

OSGeo · vendorGeoServer · product

Description

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.