CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24847 – Improper Input Validation in GeoServer
https://notcve.org/view.php?id=CVE-2022-24847
13 Apr 2022 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and u... • https://github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh • CWE-20: Improper Input Validation CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2008-7227
https://notcve.org/view.php?id=CVE-2008-7227
14 Sep 2009 — PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. PartialBufferOutputStream2 de GeoServer anterior a v1.6.1 y v1.7.0-beta1, intenta renovar los contenidos del búfer incluso cuando está trabajando un "búfer en memoria", esto evita que se muestren las excepciones en este servicio, lo que tiene un impacto y vectores de ... • http://jira.codehaus.org/browse/GEOS-1747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •