daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor-update

patch-6
Dhiyaneshwaran 2024-07-16 17:38:49 +05:30 committed by GitHub
parent 7d7ab858b2
commit 6b5e3f8a7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
http/cves/2024/CVE-2024-36401.yaml
View File

@ -2,9 +2,7 @@ id: CVE-2024-36401
info:
name: GeoServer RCE in Evaluating Property Name Expressions
author:
- DhiyaneshDk
- GarysMortalEnemy
author: DhiyaneshDk
severity: critical
description: |
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.