Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.geoserver/gs-wps@2.19.0
Typemaven
Namespaceorg.geoserver
Namegs-wps
Version2.19.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.19.6
Latest_non_vulnerable_version2.20.4
Affected_by_vulnerabilities
0
url VCID-ss4y-8zx7-qfcy
vulnerability_id VCID-ss4y-8zx7-qfcy
summary GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35042
reference_id
reference_type
scores
0
value 0.30623
scoring_system epss
scoring_elements 0.96845
published_at 2026-06-14T12:55:00Z
1
value 0.30623
scoring_system epss
scoring_elements 0.96846
published_at 2026-06-13T12:55:00Z
2
value 0.34284
scoring_system epss
scoring_elements 0.97095
published_at 2026-06-11T12:55:00Z
3
value 0.34284
scoring_system epss
scoring_elements 0.97104
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35042
1
reference_url https://geoserver.org/vulnerability/2022/04/11/geoserver-2-jiffle-jndi-rce.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://geoserver.org/vulnerability/2022/04/11/geoserver-2-jiffle-jndi-rce.html
2
reference_url https://github.com/geoserver/geoserver
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/geoserver/geoserver
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35042
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35042
4
reference_url https://osgeo-org.atlassian.net/browse/GEOS-10458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://osgeo-org.atlassian.net/browse/GEOS-10458
5
reference_url https://isc.sans.edu/diary/29936
reference_id 29936
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:06:30Z/
url https://isc.sans.edu/diary/29936
6
reference_url https://github.com/advisories/GHSA-59x6-g4jr-4hxc
reference_id GHSA-59x6-g4jr-4hxc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59x6-g4jr-4hxc
7
reference_url https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute
reference_id operations.html#execute
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:06:30Z/
url https://docs.geoserver.org/stable/en/user/services/wps/operations.html#execute
fixed_packages
0
url pkg:maven/org.geoserver/gs-wps@2.19.6
purl pkg:maven/org.geoserver/gs-wps@2.19.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wps@2.19.6
1
url pkg:maven/org.geoserver/gs-wps@2.20.4
purl pkg:maven/org.geoserver/gs-wps@2.20.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wps@2.20.4
aliases CVE-2023-35042, GHSA-59x6-g4jr-4hxc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss4y-8zx7-qfcy
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wps@2.19.0