CVE-2024-36404

Remote Code Execution Vulnerability between GeoServer and GeoTools (CVE-2024-36401/CVE-2024-36404) Notification

julho 3, 2024

Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can execute arbitrary code when parsing […]

Search

Inscreva-se no Blog da NSFOCUS