CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jul 17, 2024
High
CISA KEVCVE-2022-24816
OSGeo—JAI-EXT
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
Required Action
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22, https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx; https://nvd.nist.gov/vuln/detail/CVE-2022-24816
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Jun 26, 2024
- KEV Added
- Jun 26, 2024
- Due Date
- Jul 17, 2024
- Related Articles
- 0
Vendor
OSGeo
JAI-EXT