The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in GeoServer, rooted in the GeoTools library it is built on, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in attacks.
GeoServer is a widely used open source server for sharing, processing and editing geospatial data through OGC services such as WFS, WMS and WPS. According to the advisory published by the GeoServer developers on June 30, the vulnerability, tracked as CVE-2024-36401 with a CVSS score of 9.8, lies in GeoTools, the Java library GeoServer relies on for feature handling (not a plugin). GeoTools evaluates the property and attribute names of a feature type by handing them, unsanitised, to the Apache Commons JXPath library as XPath expressions. That XPath evaluation was only meant for complex feature types (Application Schema data stores), but it is applied to simple feature types as well, which is why every GeoServer installation is affected regardless of which data stores it uses.
The consequence is unauthenticated remote code execution. Commons JXPath supports extension functions that can invoke arbitrary Java methods from inside an XPath expression, so an attacker who supplies a crafted property name in an ordinary OGC request (for example the propertyName or valueReference parameter of a WFS GetFeature or GetPropertyValue request, or the equivalent fields of WMS GetMap, GetFeatureInfo and GetLegendGraphic and WPS Execute requests) gets that expression evaluated by the server and their code run with the privileges of the GeoServer process.

XPath itself, the W3C query language for navigating XML documents, is supported by most languages and toolchains, including Java, C# and Python, and is not the problem here; the problem is evaluating untrusted input as an expression in an engine that can call into the host runtime. Administrators should upgrade to a patched release (GeoServer 2.23.6, 2.24.4 or 2.25.2, which pull in the fixed GeoTools versions). As a stop-gap, the advisory notes that removing the gt-complex jar from GeoServer's WEB-INF/lib directory removes the vulnerable code, at the cost of breaking some functionality that depends on it.
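For anyone reviewing web-server or reverse-proxy logs in front of a GeoServer instance, the following Python script is an added example of the kind of detection logic that applies to the mechanism described above; it is not code from the page, from CISA or from the GeoServer project. It assumes a Common Log Format style access log (the sample lines are constructed, not real traffic), GeoServer's default endpoint paths (/wfs, /wms, /wps, /ows), and a chosen set of parameters (propertyName, valueReference) that carry a property name straight to the evaluator. Requests are flagged on two grounds: a value that contains fragments of a JXPath Java-method call, which never belongs in a property name, and a property-name parameter whose value is not a plain identifier list.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines in a Common-Log-Format-like shape; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Jul/2024:10:01:02 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetFeature&typeNames=topp:states&propertyName=STATE_NAME,PERSONS HTTP/1.1" 200 5120
10.0.0.9 - - [16/Jul/2024:10:01:07 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=exec(java.lang.Runtime.getRuntime(),'id') HTTP/1.1" 500 312
10.0.0.9 - - [16/Jul/2024:10:01:09 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=exec%28java.lang.Runtime.getRuntime%28%29%2C%27touch+%2Ftmp%2Fpwned%27%29 HTTP/1.1" 500 312
10.0.0.7 - - [16/Jul/2024:10:02:11 +0000] "GET /geoserver/wms?service=WMS&version=1.1.1&request=GetMap&layers=topp:states&bbox=-130,24,-66,50&width=256&height=256&srs=EPSG:4326&format=image/png HTTP/1.1" 200 20480
10.0.0.7 - - [16/Jul/2024:10:02:15 +0000] "GET /geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&typeName=topp:states&CQL_FILTER=STATE_NAME%3D%27Illinois%27 HTTP/1.1" 200 4096
"""

# The request target sits inside the quoted request line of each log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# GeoServer OGC service endpoints (assumption: default context-path layout).
OWS_PATH_RE = re.compile(r"/(wfs|wms|wps|ows)/?$", re.I)
# Parameters that carry a property/attribute name straight into the XPath evaluator
# (assumption chosen for this example; extend it for your deployment).
STRICT_PARAMS = {"propertyname", "valuereference"}
# One plain property name: optional namespace prefix plus identifier characters;
# a comma-separated list of them is also legitimate in WFS requests.
_NAME = r"[A-Za-z_][\w.\-]*(?::[A-Za-z_][\w.\-]*)?"
SAFE_PROPERTY_RE = re.compile(rf"^{_NAME}(?:,{_NAME})*$")
# Fragments that appear in JXPath extension-function calls into the JVM but never
# in a property name. Case-insensitive because JXPath identifiers are not.
JXPATH_CALL_RE = re.compile(
    r"java\.lang\.|getRuntime\s*\(|\bexec\s*\(|ProcessBuilder|ScriptEngineManager", re.I
)


def analyse_request(target: str) -> list[str]:
    """Return the reasons a request target looks like a CVE-2024-36401 probe (empty if clean)."""
    parts = urlsplit(target)
    if not OWS_PATH_RE.search(parts.path):
        return []
    reasons = []
    # parse_qs strips one layer of percent-encoding; unquote_plus again so a
    # double-encoded payload is inspected in its decoded form too.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)
            if JXPATH_CALL_RE.search(decoded):
                reasons.append(f"{name}: Java method call in XPath expression")
            elif name.lower() in STRICT_PARAMS and not SAFE_PROPERTY_RE.match(decoded):
                reasons.append(f"{name}: value is not a plain property name")
    return reasons


def scan_log(text: str) -> list[tuple[int, str, list[str]]]:
    """Scan log text and return (line number, client address, reasons) for each suspicious entry."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = analyse_request(match.group("target"))
        if reasons:
            hits.append((lineno, line.split(" ", 1)[0], reasons))
    return hits


if __name__ == "__main__":
    for lineno, client, reasons in scan_log(SAMPLE_LOG):
        print(f"line {lineno} from {client}: " + "; ".join(reasons))
```

Run against the sample, lines 2 and 3 are reported (the second is the same payload URL-encoded) while the ordinary GetFeature, GetMap and CQL_FILTER requests pass. The strict identifier check is the part to tune: deployments that serve complex features through Application Schema legitimately send XPath-style property names containing slashes and predicates, so for those the first, signature-style check on Java method calls is the one to keep, and the plain-name rule should be relaxed. POST bodies (XML-encoded WFS and WPS requests) carry the same parameters and are not visible in an access log, so this script covers only the GET surface.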