← back
CVE-2023-35042

CVE-2023-35042

EPSS 44.8%
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.geoserver.org/stable/en/user/services/wps/operations.html#executehttps://isc.sans.edu/diary/29936