In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
View the template here CVE-2024-36401.yaml
References:
https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401