CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.
GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.
The vulnerability, tracked as CVE-2024-36401, concerns a case of remote code execution that could be triggered through specially crafted input.
"Multiple OGC request parameters allow Remote Code Execution by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions," according to an advisory released by the project maintainers earlier this month.
It's currently not clear how the vulnerability is being exploited in the wild.
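The advisory quoted above says the bug is triggered by property names that GeoServer evaluates as XPath expressions, which suggests a simple triage check for defenders: in WFS requests, the property-name parameters should carry plain attribute names, so any value with XPath function or path syntax is worth a closer look. The following is an added example (not code from the article or the GeoServer project) that runs that check over constructed access-log lines; the parameter names `propertyName` and `valueReference` are assumed from the OGC WFS specifications, and app-schema deployments that legitimately use path-style property names will need the name pattern relaxed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# WFS parameters whose values should be plain feature attribute names
# (assumption: standard WFS 1.x / 2.0 parameter names, matched case-insensitively).
PROPERTY_NAME_PARAMS = {"propertyname", "valuereference"}

# A plain attribute name: an XML NCName with an optional namespace prefix.
PLAIN_NAME = re.compile(r"^[A-Za-z_][\w.\-]*(:[A-Za-z_][\w.\-]*)?$")

# Request field of a combined-format access log: "GET /path?query HTTP/1.1"
REQUEST_FIELD = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def xpath_like_tokens(value):
    """Split a comma-separated property list; return tokens that are not plain names."""
    return [tok for tok in re.split(r"\s*,\s*", value.strip())
            if tok and not PLAIN_NAME.match(tok)]


def triage_log_line(line):
    """Return [(parameter, offending_token), ...] for one log line, [] if it looks clean."""
    m = REQUEST_FIELD.search(line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded quotes and parentheses are seen as-is.
    for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if key.lower() in PROPERTY_NAME_PARAMS:
            findings.extend((key, tok) for tok in xpath_like_tokens(value))
    return findings


def triage_log(lines):
    """Return {line_number: findings} for every line that produced a finding."""
    return {i: f for i, line in enumerate(lines, 1) if (f := triage_log_line(line))}


# Constructed sample log lines (not real traffic); the second uses a placeholder
# function-call token, not an actual exploit string.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2024:10:00:00 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetFeature&typeNames=topp:states&propertyName=STATE_NAME,PERSONS HTTP/1.1" 200 4321',
    '10.0.0.9 - - [01/Jul/2024:10:00:05 +0000] "GET /geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&typeName=topp:states&propertyName=fn(%27x%27) HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jul/2024:10:00:09 +0000] "GET /geoserver/wms?service=WMS&request=GetCapabilities HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for n, findings in triage_log(SAMPLE_LOG).items():
        print(f"line {n}: {findings}")
```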
The development comes as reports have emerged about the active exploitation of a remote code execution vulnerability in the Ghostscript document conversion toolkit that could be leveraged to escape the -dSAFER sandbox and run arbitrary code.
News URL: https://thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-01 | CVE-2024-36401 | Code Injection vulnerability in multiple products (GeoServer is an open source server that allows users to share and edit geospatial data) | 9.8 |