CVE-2024-36401 | GeoServer up to 2.23.5/2.24.3/2.25.1 OGC Request neutralization of directives (GHSA-6jj6-gm7p-fcvv)

Inserito da Angelo Barbosa | Lug 1, 2024 | CVE

A vulnerability classified as very critical has been found in GeoServer up to 2.23.5/2.24.3/2.25.1. This affects an unknown part of the component OGC Request Handler. The manipulation leads to improper neutralization of directives in dynamically evaluated code (‘eval injection’).

This vulnerability is uniquely identified as CVE-2024-36401. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-36401 | GeoServer up to 2.23.5/2.24.3/2.25.1 OGC Request neutralization of directives (GHSA-6jj6-gm7p-fcvv)

Post correlati

CVE-2023-43609 | Emerson Rosemount GC370XA 4.1.5 improper authorization (icsa-24-030-01)

CVE-2024-3257 | SourceCodester Internship Portal Management System 1.0 edit_activity_query.php title/description/start/end sql injection

CVE-2024-41978 | Siemens RUGGEDCOM RM1224 LTE(4G) EU up to 8.0 2FA Token log file (ssa-087301)

CVE-2024-7251 | Comodo Internet Security Pro 12.2.4.8032 link following (ZDI-24-956)