WEB APPLICATION VULNERABILITIES Standard & Premium

GeoServer CVE-2023-35042 Vulnerability (CVE-2023-35042)

Description

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.

Remediation

References

Related Vulnerabilities

Moodle Resource Management Errors Vulnerability (CVE-2014-7847)

WordPress Plugin RSS Includes Pages Unspecified Vulnerability (3.1)

WordPress Plugin WP-Stats Multiple Vulnerabilities (2.51)

WordPress Plugin Leaky Paywall PHP Object Injection (4.9.1)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.18)

Severity

Critical

Classification

CVE-2023-35042 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities