VDB

CVE-2024-36401

CVE-2024-36401 PUBLISHED KEV CVSS 9.800000190734863 CRITICAL

Remote Code Execution (RCE) vulnerability in geoserver

EPSS 94.42% · 100.0th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
94.42%
100.0th percentile

Affected Products

VendorProductVersions
geoservergeoserver0, 2.24.0, 2.25.0
Mavenorg.geoserver:gs-wms2.23.0, 0, 2.23.0
Mavenorg.geoserver:gs-wfs2.25.0, 2.24.0, 0
Mavenorg.geoserver.web:gs-web-app0, 2.24.0, 2.25.0
geoservergeoserver0, 2.25.0, 2.24.0
geotoolsgeotools31.0, 31.0, 30.0

Timeline

  • Jan 21, 1970 Security Advisory
  • Jul 1, 2024 CVE Published
  • Jul 2, 2024 EPSS Score
  • Jul 3, 2024 PoC Published
  • Jul 4, 2024 PoC Published
  • Jul 4, 2024 PoC Published
  • Jul 4, 2024 PoC Published
  • Jul 5, 2024 EPSS Score
  • Jul 5, 2024 PoC Published
  • Jul 5, 2024 PoC Published
  • Jul 5, 2024 PoC Published
  • Jul 6, 2024 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›