Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bb6j-68py-cbe8

Summary

Aliases

alias	CVE-2024-36401

alias	GHSA-6jj6-gm7p-fcvv

Fixed_packages

url	pkg:maven/org.geoserver/gs-wfs@2.22.6
purl	pkg:maven/org.geoserver/gs-wfs@2.22.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.22.6

url	pkg:maven/org.geoserver/gs-wfs@2.23.6
purl	pkg:maven/org.geoserver/gs-wfs@2.23.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.23.6

url	pkg:maven/org.geoserver/gs-wfs@2.24.4
purl	pkg:maven/org.geoserver/gs-wfs@2.24.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.24.4

url	pkg:maven/org.geoserver/gs-wfs@2.25.2
purl	pkg:maven/org.geoserver/gs-wfs@2.25.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.25.2

url	pkg:maven/org.geoserver/gs-wms@2.22.6
purl	pkg:maven/org.geoserver/gs-wms@2.22.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.22.6

url	pkg:maven/org.geoserver/gs-wms@2.23.6
purl	pkg:maven/org.geoserver/gs-wms@2.23.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.23.6

url	pkg:maven/org.geoserver/gs-wms@2.24.4
purl	pkg:maven/org.geoserver/gs-wms@2.24.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.24.4

url	pkg:maven/org.geoserver/gs-wms@2.25.2
purl	pkg:maven/org.geoserver/gs-wms@2.25.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.25.2

url	pkg:maven/org.geoserver.web/gs-web-app@2.22.6
purl	pkg:maven/org.geoserver.web/gs-web-app@2.22.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.22.6

url	pkg:maven/org.geoserver.web/gs-web-app@2.23.6
purl	pkg:maven/org.geoserver.web/gs-web-app@2.23.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.23.6

url	pkg:maven/org.geoserver.web/gs-web-app@2.24.4
purl	pkg:maven/org.geoserver.web/gs-web-app@2.24.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.24.4

url	pkg:maven/org.geoserver.web/gs-web-app@2.25.2
purl	pkg:maven/org.geoserver.web/gs-web-app@2.25.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.25.2

Affected_packages

url pkg:maven/org.geoserver/gs-wfs@2.23.0

purl pkg:maven/org.geoserver/gs-wfs@2.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.23.0

url pkg:maven/org.geoserver/gs-wfs@2.24.0

purl pkg:maven/org.geoserver/gs-wfs@2.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.24.0

url pkg:maven/org.geoserver/gs-wfs@2.25.0

purl pkg:maven/org.geoserver/gs-wfs@2.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wfs@2.25.0

url pkg:maven/org.geoserver/gs-wms@2.23.0

purl pkg:maven/org.geoserver/gs-wms@2.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

vulnerability	VCID-gu2a-1t4x-nfbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.23.0

url pkg:maven/org.geoserver/gs-wms@2.24.0

purl pkg:maven/org.geoserver/gs-wms@2.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

vulnerability	VCID-uj3b-xa6b-hkdz

vulnerability	VCID-xhzd-8vxq-3fb1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.24.0

url pkg:maven/org.geoserver/gs-wms@2.25.0

purl pkg:maven/org.geoserver/gs-wms@2.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver/gs-wms@2.25.0

url pkg:maven/org.geoserver.web/gs-web-app@2.23.0

purl pkg:maven/org.geoserver.web/gs-web-app@2.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.23.0

url pkg:maven/org.geoserver.web/gs-web-app@2.24.0

purl pkg:maven/org.geoserver.web/gs-web-app@2.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5wjk-a8bz-3bbg

vulnerability	VCID-bb6j-68py-cbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.24.0

url pkg:maven/org.geoserver.web/gs-web-app@2.25.0

purl pkg:maven/org.geoserver.web/gs-web-app@2.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bb6j-68py-cbe8

vulnerability	VCID-ykv3-1zt9-myan

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.geoserver.web/gs-web-app@2.25.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36401

reference_id

reference_type

scores

value	0.94425
scoring_system	epss
scoring_elements	0.99984
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36401

reference_url	https://github.com/geotools/geotools/pull/4797
reference_id
reference_type
scores
url	https://github.com/geotools/geotools/pull/4797

reference_url	https://osgeo-org.atlassian.net/browse/GEOT-7587
reference_id
reference_type
scores
url	https://osgeo-org.atlassian.net/browse/GEOT-7587

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36401
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36401

reference_url	https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401
reference_id
reference_type
scores
url	https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401

reference_url	https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852
reference_id	CVE-2022-41852?TAB=README-OV-FILE#WORKAROUND-FOR-CVE-2022-41852
reference_type
scores
url	https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-36401
reference_id	CVE-2024-36401
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-36401

reference_url

https://github.com/advisories/GHSA-6jj6-gm7p-fcvv

reference_id

GHSA-6jj6-gm7p-fcvv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6jj6-gm7p-fcvv

reference_url

https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv

reference_id

GHSA-6jj6-gm7p-fcvv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv

reference_url	https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w
reference_id	GHSA-w3pj-wh35-fq8w
reference_type
scores
url	https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w

Weaknesses

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

cwe_id	95
name	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval).

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6j-68py-cbe8

Vulnerability Instance