daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add author name

patch-6
Dhiyaneshwaran 2024-07-16 17:46:41 +05:30 committed by GitHub
parent 4651d77e9c
commit 2db502e313
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/cves/2024/CVE-2024-36401.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2024-36401
info: info:
name: GeoServer RCE in Evaluating Property Name Expressions name: GeoServer RCE in Evaluating Property Name Expressions
author: DhiyaneshDk author: DhiyaneshDk,ryanborum
severity: critical severity: critical
description: | description: |
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.