Is CVE-2022-24816 actively exploited?

CVE-2022-24816 has no public evidence of in-the-wild exploitation as of 2025-10-24.

What is the CVSS score for CVE-2022-24816?

CVE-2022-24816 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2022-24816?

Patch guidance is available from geosolutionsgroup security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-24816.

Which products are affected by CVE-2022-24816?

1 product: geosolutionsgroup jai-ext.

Fix CVE-2022-24816 - CRITICAL geosolutionsgroup jai-ext

Description

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-94 · Code Injection CWE-94 · Code Injection

Metadata

Primary Vendor: GEOSOLUTIONSGROUP
Published: 4/13/2022
Last Modified: 10/24/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2022-24816

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary