Description
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
Remediation
References