CVE-2023-35042

Name of the Vulnerable Software and Affected Versions GeoServer 2 (affected versions not specified)

Description The issue is related to insufficient input validation in the java.lang.Runtime.getRuntime().exec function of the GeoServer software, which can allow remote attackers to execute arbitrary code. This has been exploited in the wild in June 2023. The vendor states that they are unable to reproduce this in any version.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.