GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGeoserver
APPGeoserver≥ 2.0.0
Related vulnerabilities
GeoServer RCE przez niezabezpieczoną ewaluację XPath w parametrach OGC
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to...
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23...
GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...
GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...