GeoServer RCE via Runtime.exec in WPS
CVE-2023-35042 Published on June 12, 2023

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.

NVD

Products Associated with CVE-2023-35042

Want to know whenever a new CVE is published for Geoserver? stack.watch will email you.

Geoserver

Exploit Probability

EPSS

34.28%

Percentile

97.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

GeoServer RCE via Runtime.exec in WPSCVE-2023-35042 Published on June 12, 2023

Products Associated with CVE-2023-35042

Exploit Probability

GeoServer RCE via Runtime.exec in WPS
CVE-2023-35042 Published on June 12, 2023