Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unchecked JNDI lookups in GeoTools
Vulnerability Description
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
GeoTools 输入验证错误漏洞
Vulnerability Description
GeoTools是一个开源 Java 库。为地理空间数据提供工具。 GeoTools存在输入验证错误漏洞,该漏洞源于GeoTools库有许多可以执行JNDI查找的数据源,这些数据源用于执行类反序列化并导致任意代码执行。以下产品及版本受到影响:GeoTools 26.4、GeoTools 25.6、GeoTools 24.6。
CVSS Information
N/A
Vulnerability Type
N/A