← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-24816 — Actively Exploited: JAI-EXT (OSGeo)

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

CVE IDCVE-2022-24816
VendorOSGeo
ProductJAI-EXT
Vulnerability nameOSGeo GeoServer JAI-EXT Code Injection Vulnerability
Date added2024-06-26
Remediation due2024-07-17
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionOSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →