minor-update
parent
7d7ab858b2
commit
6b5e3f8a7c
|
@ -2,9 +2,7 @@ id: CVE-2024-36401
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: GeoServer RCE in Evaluating Property Name Expressions
|
name: GeoServer RCE in Evaluating Property Name Expressions
|
||||||
author:
|
author: DhiyaneshDk
|
||||||
- DhiyaneshDk
|
|
||||||
- GarysMortalEnemy
|
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
|
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
|
||||||
|
|
Loading…
Reference in New Issue