CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jul 17, 2024

CVE-2022-24816

High

EPSS 93.7%CISA KEV

OSGeo/JAI-EXT

Description

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

EPSS — Exploit Probability

93.7%

Higher than 99.8% of all CVEs

Required Action

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22, https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx; https://nvd.nist.gov/vuln/detail/CVE-2022-24816

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 93.7%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jun 26, 2024

Added to KEV

Jun 26, 2024

Remediation Due

Jul 17, 2024

Affected Product

OSGeo

JAI-EXT

View all OSGeo CVEs

External Links

NVD (NIST)CVE Details MITRE CVE