← volver
CVE-2023-35042

CVE-2023-35042

EPSS 44.8%
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.geoserver.org/stable/en/user/services/wps/operations.html#executehttps://isc.sans.edu/diary/29936