Update CVE-2024-36401.yaml

patch-4
Ritik Chaddha 2024-07-04 14:02:33 +05:30 committed by GitHub
parent ed91710f72
commit 212ac1e28f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions

@ -6,7 +6,8 @@ info:
severity: critical
description: |
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
impact: This vulnerability can lead to executing arbitrary code.
impact: |
This vulnerability can lead to executing arbitrary code.
reference:
- https://x.com/sirifu4k1/status/1808270303275241607
- https://nvd.nist.gov/vuln/detail/CVE-2024-36401
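
Review bot: the text inside the new `impact: |` block is still generic ("This vulnerability can lead to executing arbitrary code."), so switching from a single-line scalar to a block scalar changes the style without telling a triager anything more. The description just above already says the RCE is reachable by unauthenticated users against a default GeoServer installation; the impact line should carry that, for example "An unauthenticated attacker can execute arbitrary code on the GeoServer host." While this block is being edited, the description's opening "In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer" repeats the product name and reads awkwardly; "In GeoServer versions prior to 2.23.5, 2.24.3 and 2.25.1" is clearer. No `remediation:` key is visible between `impact:` and `reference:` in this hunk; if the template has none elsewhere, add one that names those fixed versions.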