THREAT OPS › CVEs › CVE-2024-36401
CVE-2024-36401 — OSGeo GeoServer GeoTools Eval Injection Vulnerability
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.
Vulnerability details
- Affected productsGeoServer
- KEV remediation due2024-08-05
Related reporting
- June 2026 CVE Landscaperecordedfuture