FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2024-07-15 | CVE-2024-36401 | high | ⚡RCE ⌖KEV | 65 | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted inpu |
| 2024-06-26 | CVE-2022-24816 | high | ⚡RCE ⌖KEV | 65 | OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution. |
| 2025-12-11 | CVE-2025-58360 | high | ⌖KEV | 50 | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML re |