CVE-2022-24816 - OSGeo GeoServer JAI-EXT Code Injection Vulnerability
CVE-2022-24816
OSGeo | JAI-EXT
- Date Added: 2024-06-26
- Due Date: 2024-07-17
- Vulnerability Name
OSGeo GeoServer JAI-EXT Code Injection Vulnerability
- Description
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22; https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx; https://nvd.nist.gov/vuln/detail/CVE-2022-24816