GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
#VULNERABILITY

The latest information on known vulnerabilities in popular software and systems.

Latest web security & vulnerabilities, product releases, product docs and faq blogs.

CVEDetails.com is a vulnerability intelligence solution providing CVE security vulnerability database, exploits, advisories, product and CVE risk scores, attack surface intelligence, open source vulnerabilities, code changes, vulnerabilities affecting your attack surface and software inventory/tech stack. You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time

Extremely passionate about Windows exploit development, internals, C, Assembly, or anything low-level.

Your comprehensive database for CVE exploits from across the internet.

CWE (Common Weakness Enumeration) is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

The world's best dynamic repository for security vulnerabilities.

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities.

Kroll specialists regularly publish articles, blogs, studies and books that help our clients better understand the changing business landscape. Browse our featured items below, or search for all recent materials by service, industry or topic.

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 252428 CVEs are indexed from NVD.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Third party vulnerabilities that have been reported by VulnCheck.

The leading database for open source vulnerabilities and cloud misconfigurations.

A blog about vulnerabilities and attacks affecting VoIP and WebRTC applications and infrastructure by Enable Security.

The web application vulnerabilities index lists vulnerabilities according to its severity and is classified by the compliance standard it falls under.

RTC security Research, talks and tools. We are researchers in cyber-security, continually educating ourselves and developing knowledge and code. By sharing what we learn, we hope to push RTC security forward.

A list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

Cyber security insights and guidance from the frontlines. Read expert perspectives and get all the latest cyber security industry news at the Mandiant blog.

0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database. This was written solely for educational purposes. Use it at your own risk. The author will be not responsible for any damage.

Well-documented, relevant, reliably discovered vulnerabilities and dedicated tools for pentesters by our IT security experts. TL;DR - we break things.

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.