GeoServer, an open-source tool used to share and modify geospatial data, is under attack. CVE-2024-36401, which impacts the GeoTools plugin, has a severity rating of 9.8 and arises from the unsafe evaluation of property names as XPath expressions. The GeoTools library API exposes property and attribute names for feature types to the commons-jxpath library during […]
The post GeoServer Critical RCE Flaw Actively Exploited, Warns CISA appeared first on SecPod Blog.