
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
2024-07-16 04:01

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.

GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.

The vulnerability, tracked as CVE-2024-36401, concerns a case of remote code execution that could be triggered through specially crafted input.

"Multiple OGC request parameters allow Remote Code Execution by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions," according to an advisory released by the project maintainers earlier this month.
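The root cause the advisory names, property names being evaluated as XPath expressions, points to the application-side mitigation: treat a property name from an OGC request as an identifier to be matched against the feature type's declared attributes, never as an expression to be evaluated. The check below is an added example written for this page, not GeoServer or GeoTools code; the feature-type schema and the request values are constructed.

```python
import re

# Shape of an XML QName: an optional namespace prefix followed by an NCName.
# Brackets, slashes, parentheses, quotes or '@' are expression syntax and are
# rejected outright; a property name never needs them.
_QNAME = re.compile(r"^(?:[A-Za-z_][\w.\-]*:)?[A-Za-z_][\w.\-]*$")

# Constructed feature-type schema for the example (assumption, not real data).
EXAMPLE_SCHEMA = {"the_geom", "name", "population", "gml:description"}


class InvalidPropertyName(ValueError):
    """Raised when a request names something that is not a declared property."""


def validate_property_names(raw, schema):
    """Split a comma-separated property list and accept only declared names.

    Returns the accepted names in request order. Raises InvalidPropertyName on
    the first value that is empty, is not a plain (optionally prefixed) name,
    or is not declared in the schema. Matching is exact: the name must equal a
    schema entry, so nothing is interpreted or resolved.
    """
    accepted = []
    for item in raw.split(","):
        name = item.strip()
        if not name:
            raise InvalidPropertyName("empty property name")
        if not _QNAME.match(name):
            raise InvalidPropertyName(f"not a plain property name: {name!r}")
        if name not in schema:
            raise InvalidPropertyName(f"undeclared property: {name!r}")
        accepted.append(name)
    return accepted


def is_plain_property_list(raw, schema):
    """Boolean form for use in request filters or log review."""
    try:
        validate_property_names(raw, schema)
        return True
    except InvalidPropertyName:
        return False


if __name__ == "__main__":
    print(validate_property_names("name, population", EXAMPLE_SCHEMA))
    print(is_plain_property_list("population[1]", EXAMPLE_SCHEMA))  # False
```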

It's currently not clear how the vulnerability is being exploited in the wild.

The development comes as reports have emerged about the active exploitation of a remote code execution vulnerability in the Ghostscript document conversion toolkit that could be leveraged to escape the -dSAFER sandbox and run arbitrary code.


News URL

https://thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html

Related Vulnerability

Date: 2024-07-01
CVE: CVE-2024-36401
Title: Code Injection vulnerability in multiple products
Description: GeoServer is an open source server that allows users to share and edit geospatial data.
Attack vector: network
Attack complexity: low
Affected products: geoserver, geotools
Weakness: CWE-94
Risk: critical (score 9.8)

Related vendor

Vendor: Geoserver
Vulnerabilities in the last 12 months: 2
By severity: low 0, medium 9, high 5, critical 2
Total vulnerabilities: 16