minor-update

patch-6
Dhiyaneshwaran 2024-07-16 17:38:49 +05:30 committed by GitHub
parent 7d7ab858b2
commit 6b5e3f8a7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 3 deletions

@ -2,9 +2,7 @@ id: CVE-2024-36401
info: info:
name: GeoServer RCE in Evaluating Property Name Expressions name: GeoServer RCE in Evaluating Property Name Expressions
author: author: DhiyaneshDk
- DhiyaneshDk
- GarysMortalEnemy
severity: critical severity: critical
description: | description: |
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
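Review bot: Dropping GarysMortalEnemy from the author field is an attribution change rather than a minor update, and the commit message "minor-update" gives no reason for it. If the intent was only to replace the YAML list with a single-line value, keep both names in that value; if the credit is being removed on purpose, say why in the commit message so the template history stays auditable. Separately, the unchanged description line reads "In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer", which repeats the product name and could be tightened while this block is being edited.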