Browse all 3 CVE security advisories affecting geotools. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GeoTools is an open-source Java library for geospatial data processing, widely used in mapping and GIS applications (GeoServer is built on it). The three CVEs recorded for it to date share one root cause: strings that reached the library from untrusted input were evaluated or resolved rather than treated as data. CVE-2024-36404 evaluates attacker-controlled XPath expressions (CWE-95, eval injection) and yields remote code execution; CVE-2023-25158 passes unfiltered input into SQL (CWE-89, SQL injection); CVE-2022-24818 performs JNDI lookups on unchecked names (CWE-20, improper input validation). Two of the three carry a CVSS of 9.8. The deployments exposed are those that let users supply property names, filter expressions, or data-store connection parameters, so the practical controls are upgrading to a patched release and validating those inputs at the application boundary before they reach the library.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-36404 | GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions | CWE-95 | 9.8 | Critical | 2024-07-02 |
| CVE-2023-25158 | Unfiltered SQL Injection in Geotools | CWE-89 | 9.8 | Critical | 2023-02-21 |
| CVE-2022-24818 | Unchecked JNDI lookups in GeoTools | CWE-20 | 8.2 | High | 2022-04-13 |
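The two non-SQL entries in the table are both cases of a caller-chosen string being evaluated or resolved. The following is an added illustration of the application-side boundary check the summary above recommends for property names and JNDI resource names; it is not GeoTools code and not the upstream fixes for these CVEs. The class name, the allowlisted JNDI names, and the assumption that the application's property names fit a simple step/attribute/predicate grammar are all hypothetical. Patching the library is still the fix; this only narrows what an unpatched or future bug can be reached with.

```java
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Hypothetical application-side checks for values a web front end would
 * otherwise hand straight to GeoTools (illustration, not library code).
 * Requires Java 9+ for Set.of.
 */
public final class UntrustedGeoInput {

    // Allowlist for property names / simple XPath steps: identifiers, an
    // optional namespace prefix, '/' path separators, '@' attributes and
    // numeric predicates. Parentheses are deliberately absent, so a function
    // call such as exec(...) in an XPath expression (the CWE-95 pattern)
    // cannot pass; '.' is excluded as well, so "../" traversal fails too.
    private static final Pattern SAFE_PROPERTY = Pattern.compile(
        "^@?[A-Za-z_][\\w\\-]*(:[A-Za-z_][\\w\\-]*)?(\\[\\d+\\])?"
      + "(/@?[A-Za-z_][\\w\\-]*(:[A-Za-z_][\\w\\-]*)?(\\[\\d+\\])?)*$");

    // Data-store parameters may only name JNDI resources the operator
    // pre-registered (assumed names). The CWE-20 entry above was a lookup of
    // whatever name the caller supplied, which an allowlist removes entirely.
    private static final Set<String> ALLOWED_JNDI = Set.of(
        "java:comp/env/jdbc/gis",
        "java:comp/env/jdbc/gis_ro");

    private UntrustedGeoInput() {}

    /** True only for names matching the restricted grammar above. */
    public static boolean isSafePropertyName(String name) {
        return name != null
            && name.length() <= 256
            && SAFE_PROPERTY.matcher(name).matches();
    }

    /** True only for an exact allowlisted JNDI name; any scheme-bearing
     *  reference (ldap://, rmi://, dns://, ...) is rejected before the
     *  allowlist is consulted, since those are what turn a lookup into
     *  remote class loading. */
    public static boolean isAllowedJndiName(String value) {
        if (value == null) return false;
        String v = value.trim();
        if (v.contains("://")) return false;
        return ALLOWED_JNDI.contains(v);
    }

    // Constructed sample inputs: the first four property names are the kind a
    // GIS client legitimately sends; the last two are the shapes to refuse.
    public static void main(String[] args) {
        String[] props = {
            "geometry", "gml:name", "properties/@id", "children[1]/name",
            "exec(java.lang.Runtime.getRuntime().exec('id'))", "../../name"};
        for (String p : props) {
            System.out.printf("property %-50s -> %s%n",
                p, isSafePropertyName(p) ? "accept" : "REJECT");
        }
        String[] jndi = {
            "java:comp/env/jdbc/gis", "java:comp/env/jdbc/other",
            "ldap://attacker.example/exploit"};
        for (String j : jndi) {
            System.out.printf("jndi     %-50s -> %s%n",
                j, isAllowedJndiName(j) ? "accept" : "REJECT");
        }
    }
}
```

Run with `javac UntrustedGeoInput.java && java UntrustedGeoInput`. The property grammar is intentionally narrower than what XPath allows; widen it only for constructs your own schemas actually need, and never to admit `(`.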
This page lists every published CVE security advisory associated with geotools. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.