📦 Geotools

This XXE vulnerability in GeoServer's GeoTools Schema class allows attackers to read arbitrary files from the server or perform server-side request forgery when processing malicious XML documents. It ...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on GeoServer instances by sending specially crafted OGC requests. It affects ALL default GeoServer installations du...

CVE-2022-24818 is a JNDI injection vulnerability in GeoTools that allows remote code execution when user-controlled JNDI strings are processed. Similar to Log4Shell, it enables attackers to load malic...