What is CVE-2022-24847?

CVE-2022-24847 is a high-severity vulnerability in Geoserver, classified under Improper Input Validation. CVSS score: 7.2/10. Published 2022-04-13.

How severe is CVE-2022-24847?

High severity. CVSS v3 base score is 7.2 out of 10.

Improper input validation in Geoserver

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserializat…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (52.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Geoserver — versions >= 2.20.0, < 2.20.4, < 2.19.6

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

github.com/geoserver/geoserver/security/advisories/GHSA-4pm3-f52j-8ggh (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-24847?: CVE-2022-24847 is a high-severity vulnerability in Geoserver, classified under Improper Input Validation. CVSS score: 7.2/10. Published 2022-04-13.
How severe is CVE-2022-24847?: High severity. CVSS v3 base score is 7.2 out of 10.