CVE ID: CVE-2022-24816
Vendor/Project: GeoSolutionsGroup
Product: JAI-EXT
Vulnerability Name: GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
Date Added: 2024-06-26
Short Description: GeoSolutionsGroup JAI-EXT, a component of GeoSolutions GeoServer, contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2024-07-17
Known Ransomware Use: Unknown
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22, https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx