CVE-2022-24816

OSGeo GeoServer JAI-EXT Code Injection Vulnerability

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that could allow remote code execution when a program uses jt-jiffle and allows Jiffle scripts to be provided via network request. Vendor/Product: OSGeo JAI-EXT. Added to CISA KEV: 2024-06-26. Required action: apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited