## https://sploitus.com/exploit?id=SAINT:4D43F3E7BABB4800CE51B8AFE4397DD8
Added: 06/27/2024
### Background
[GeoServer](<https://geoserver.org/>) is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API that provides a set of high-level objects for image processing. [JAI-EXT](<https://github.com/geosolutions-it/jai-ext>) is an open source project which extends the JAI API. Jiffle is a map algebra language provided by JAI-EXT.
### Problem
A vulnerability in the handling of Jiffle requests by JAI-EXT could allow a remote attacker to execute arbitrary commands on the GeoServer.
### Resolution
Upgrade to version 1.2.22 or higher, or remove the janino-x.x.x.jar file.
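
One way to check a deployment against the resolution above, as an added example that is not from the advisory or from the GeoServer or JAI-EXT projects. It assumes the 1.2.22 version refers to the JAI-EXT Jiffle jars, that those jars match the hypothetical pattern `jt-jiffle*.jar`, and that the directory passed in is the server's library directory.

```shell
#!/bin/sh
# Added example, not vendor code. FIXED comes from the Resolution section;
# the jt-jiffle*.jar name pattern is an assumption about JAI-EXT jar naming.
FIXED="1.2.22"

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        xa=${va%%.*}; xb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        if [ "${xa:-0}" -lt "${xb:-0}" ]; then return 0; fi
        if [ "${xa:-0}" -gt "${xb:-0}" ]; then return 1; fi
    done
    return 1
}

# audit_lib DIR: print findings for a library directory and return 1 only
# when an outdated (or unversioned) Jiffle jar sits next to a janino jar.
audit_lib() {
    lib=$1; janino=0; outdated=0
    for jar in "$lib"/janino-*.jar; do
        [ -e "$jar" ] || continue
        janino=1
        echo "janino present: ${jar##*/}"
    done
    for jar in "$lib"/jt-jiffle*.jar; do
        [ -e "$jar" ] || continue
        ver=$(printf '%s\n' "${jar##*/}" | sed -n 's/.*-\([0-9][0-9.]*\)\.jar$/\1/p')
        if [ -z "$ver" ]; then
            outdated=1   # unparseable version: treat as not upgraded
            echo "version unknown: ${jar##*/}"
        elif version_lt "$ver" "$FIXED"; then
            outdated=1
            echo "below $FIXED: ${jar##*/}"
        else
            echo "ok: ${jar##*/}"
        fi
    done
    if [ "$outdated" -eq 1 ] && [ "$janino" -eq 1 ]; then
        echo "RESULT: neither resolution applied"
        return 1
    fi
    echo "RESULT: no outdated Jiffle jar alongside janino"
}

# Run as: sh audit.sh /path/to/lib
if [ "$#" -gt 0 ]; then audit_lib "$1"; fi
```
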
### References
<https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx>