Remote Code Execution Vulnerability between GeoServer and GeoTools (CVE-2024-36401/CVE-2024-36404) Notification
July 3, 2024
Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can execute arbitrary code when parsing […]