CVE-2022-24818: Java Deserialization via Unchecked JNDI Lookups in GeoServer and GeoTools
The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. As an example, this can happen in GeoServer, but it requires an admin-level login to be triggered.

Vendor D
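One way to turn an unchecked JNDI lookup into a checked one is to validate the name before it reaches the naming context. The following is an added example, not code from GeoTools or GeoServer; the class `CheckedJndiLookup`, its methods, and the sample names are hypothetical, and the allow-list policy (no scheme, or the local `java:` scheme only) is an assumption.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.naming.Context;
import javax.naming.NamingException;

/** Hypothetical helper (not GeoTools code): checks a JNDI name before any lookup. */
public final class CheckedJndiLookup {

    private CheckedJndiLookup() {}

    /**
     * Assumed policy: accept names with no URL scheme (e.g. "jdbc/geodata") or the
     * container-local "java" scheme (e.g. "java:comp/env/jdbc/geodata"). Any other
     * scheme points the lookup at an external naming provider, whose response the
     * JVM may deserialize, so it is rejected.
     */
    static boolean isAllowed(String name) {
        if (name == null || name.trim().isEmpty()) {
            return false;
        }
        try {
            String scheme = new URI(name.trim()).getScheme();
            return scheme == null || scheme.equalsIgnoreCase("java");
        } catch (URISyntaxException e) {
            return false; // unparseable names are rejected, not passed through
        }
    }

    /** Performs the lookup only after the name passes the allow-list. */
    static Object lookup(Context ctx, String name) throws NamingException {
        if (!isAllowed(name)) {
            throw new NamingException("JNDI name rejected by allow-list: " + name);
        }
        return ctx.lookup(name.trim());
    }

    public static void main(String[] args) {
        // Constructed sample names, as a data source configuration might supply them.
        String[] samples = {
            "java:comp/env/jdbc/geodata", "jdbc/geodata",
            "ldap://directory.example/cn=geodata", "rmi://registry.example/geodata", ""
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "allow  " : "reject ") + "\"" + s + "\"");
        }
    }
}
```

Running `main` prints the allow or reject decision for each sample name without contacting any naming service.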