CVE-2024-36401 | GeoServer up to 2.23.5/2.24.3/2.25.1 OGC Request neutralization of directives (GHSA-6jj6-gm7p-fcvv)
A vulnerability classified as very critical has been found in GeoServer up to 2.23.5/2.24.3/2.25.1. This affects an unknown part of the component OGC Request Handler. The manipulation leads to improper neutralization of directives in dynamically evaluated code ('eval injection').
This vulnerability is uniquely identified as CVE-2024-36401. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.