GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.geoserver:gs-wms(Maven) | 0 | 2.18.6 | N/A |
| org.geoserver:gs-wfs(Maven) | 0 | 2.18.6 | N/A |
| org.geoserver:gs-wms(Maven) | 2.19.0 | 2.19.6 | N/A |
| org.geoserver:gs-wfs(Maven) | 2.19.0 | 2.19.6 | N/A |
| org.geoserver:gs-wms(Maven) | 2.20.0 | 2.20.4 | N/A |
| org.geoserver:gs-wfs(Maven) | 2.20.0 | 2.20.4 | N/A |
| org.geoserver:gs-wps(Maven) | 0 | 2.18.6 | N/A |
| org.geoserver:gs-wps(Maven) | 2.19.0 | 2.19.6 | N/A |
| org.geoserver:gs-wps(Maven) | 2.20.0 | 2.20.4 | N/A |
CVSS Metrics
