GeoServer Vulnerability - CVE-2023-35042 - Vulnerability Database

GeoServer Vulnerability - CVE-2023-35042

Critical
Reference: CVE-2023-35042
Title: GeoServer Vulnerability
Overview:

GeoServer 2 in some configurations allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.