GeoServer Vulnerability - CVE-2023-35042

GeoServer 2 in some configurations allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.