← voltar
CVE-2023-35042

CVE-2023-35042

EPSS 44.8%
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.geoserver.org/stable/en/user/services/wps/operations.html#executehttps://isc.sans.edu/diary/29936