CVE-2022-24816

CRITICAL KEV NUCLEI

jai-ext < 1.1.22 - Remote Code Execution via Jiffle Script Compilation


Exploitation Summary

CVE-2022-24816 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 26, 2024. EIP tracks 1 public exploit from researchers including c1ph3rbyt3. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional Python exploit for CVE-2022-24816, a remote code execution (RCE) vulnerability in GeoServer. It crafts a malicious WPS Execute request to execute arbitrary commands on the target system.

Description

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs that allow a Jiffle script to be supplied via a network request can lead to remote code execution, as the Jiffle script is compiled into Java code via Janino and then executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may remove the ability to compile Jiffle scripts from the final application by removing janino-x.y.z.jar from the classpath.

Exploits (1)

nomisec · WORKING POC · 1 star
by c1ph3rbyt3 · remote
https://github.com/c1ph3rbyt3/CVE-2022-24816


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GeoServer (versions affected by CVE-2022-24816)
Authentication: none needed
Prerequisites: Target must be running a vulnerable version of GeoServer · Network access to the GeoServer instance
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

GeoServer <1.2.2 - Remote Code Execution
CRITICAL · VERIFIED · by mukundbhuva
Shodan: /geoserver/
FOFA: app="GeoServer" || app="geoserver"

Scores

CVSS v3 10.0
EPSS 0.9402
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-06-26
VulnCheck KEV 2024-01-22
InTheWild.io 2024-06-26
ENISA EUVD EUVD-2023-2600
CWE
CWE-94
Status published
Products (3)
geosolutionsgroup/jai-ext < 1.1.22
it.geosolutions.jaiext.jiffle/jt-jiffle 0 - 1.1.22 (Maven)
it.geosolutions.jaiext.jiffle/jt-jiffle-language 0 - 1.1.22 (Maven)
Published Apr 13, 2022
KEV Added Jun 26, 2024
Tracked Since Feb 18, 2026