Security Advisory

CVE-2023-35042

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-12 00:00:00
Last updated 2024-11-27 15:06:46
Assigner mitre
State PUBLISHED

Description

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.