[ { "name": "CVE-2024-36401", "full_name": "Chocapikk/CVE-2024-36401", "html_url": "https://github.com/Chocapikk/CVE-2024-36401", "description": "GeoServer Remote Code Execution", "stargazers_count": 78, "forks_count": 12, "created_at": "2024-07-30T18:43:40Z" }, { "name": "CVE-2024-36401", "full_name": "Mr-xn/CVE-2024-36401", "html_url": "https://github.com/Mr-xn/CVE-2024-36401", "description": "Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit", "stargazers_count": 46, "forks_count": 6, "created_at": "2024-07-06T01:10:28Z" }, { "name": "CVE-2024-36401", "full_name": "netuseradministrator/CVE-2024-36401", "html_url": "https://github.com/netuseradministrator/CVE-2024-36401", "description": "geoserver图形化漏洞利用工具", "stargazers_count": 39, "forks_count": 2, "created_at": "2024-10-05T10:08:55Z" }, { "name": "CVE-2024-36401", "full_name": "bigb0x/CVE-2024-36401", "html_url": "https://github.com/bigb0x/CVE-2024-36401", "description": "POC for CVE-2024-36401. 
This POC will attempt to establish a reverse shell from the vulnerable targets.", "stargazers_count": 33, "forks_count": 18, "created_at": "2024-07-04T13:19:47Z" }, { "name": "CVE-2024-36401-WoodpeckerPlugin", "full_name": "thestar0/CVE-2024-36401-WoodpeckerPlugin", "html_url": "https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin", "description": "CVE-2024-36401-GeoServer Property 表达式注入 Rce woodpecker-framework 插件", "stargazers_count": 11, "forks_count": 1, "created_at": "2024-11-22T03:57:12Z" }, { "name": "cve-2024-36401-poc", "full_name": "XiaomingX/cve-2024-36401-poc", "html_url": "https://github.com/XiaomingX/cve-2024-36401-poc", "description": "CVE-2024-36401是GeoServer中的一个高危远程代码执行漏洞。GeoServer是一款开源的地理数据服务器软件,主要用于发布、共享和处理各种地理空间数据。 ALIYUN 漏洞原理: 该漏洞源于GeoServer在处理属性名称时,将其不安全地解析为XPath表达式。具体而言,GeoServer调用的GeoTools库API在评估要素类型的属性名称时,以不安全的方式将其传递给commons-jxpath库。由于commons-jxpath库在解析XPath表达式时允许执行任意代码,攻击者可以通过构造特定的输入,利用多个OGC请求参数(如WFS GetFeature、WFS GetPropertyValue、WMS GetMap等),在未经身份验证的情况下远程执行任意代码。 ", "stargazers_count": 5, "forks_count": 0, "created_at": "2024-11-22T14:21:53Z" }, { "name": "CVE-2024-36401", "full_name": "Niuwoo/CVE-2024-36401", "html_url": "https://github.com/Niuwoo/CVE-2024-36401", "description": "POC", "stargazers_count": 4, "forks_count": 0, "created_at": "2024-07-05T03:02:30Z" }, { "name": "CVE-2024-36401-PoC", "full_name": "daniellowrie/CVE-2024-36401-PoC", "html_url": "https://github.com/daniellowrie/CVE-2024-36401-PoC", "description": "Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1", "stargazers_count": 3, "forks_count": 2, "created_at": "2024-09-13T10:28:48Z" }, { "name": "CVE-2024-36401", "full_name": "0x0d3ad/CVE-2024-36401", "html_url": "https://github.com/0x0d3ad/CVE-2024-36401", "description": "CVE-2024-36401 (GeoServer Remote Code Execution)", "stargazers_count": 2, "forks_count": 0, "created_at": "2024-11-27T19:13:49Z" }, { "name": "CVE-2024-36401", "full_name": "RevoltSecurities/CVE-2024-36401", "html_url": 
"https://github.com/RevoltSecurities/CVE-2024-36401", "description": "Exploiter a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.", "stargazers_count": 2, "forks_count": 1, "created_at": "2024-07-05T15:24:50Z" }, { "name": "GeoServer-CVE-2024-36401", "full_name": "punitdarji/GeoServer-CVE-2024-36401", "html_url": "https://github.com/punitdarji/GeoServer-CVE-2024-36401", "description": "GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions", "stargazers_count": 2, "forks_count": 0, "created_at": "2024-09-28T14:55:50Z" }, { "name": "CVE-2024-36401", "full_name": "kkhackz0013/CVE-2024-36401", "html_url": "https://github.com/kkhackz0013/CVE-2024-36401", "description": null, "stargazers_count": 0, "forks_count": 0, "created_at": "2024-10-14T15:57:06Z" }, { "name": "CVE-2024-36401-PoC", "full_name": "yisas93/CVE-2024-36401-PoC", "html_url": "https://github.com/yisas93/CVE-2024-36401-PoC", "description": null, "stargazers_count": 0, "forks_count": 0, "created_at": "2024-08-01T21:22:51Z" }, { "name": "CVE-2024-36401-GeoServer-RCE", "full_name": "jakabakos/CVE-2024-36401-GeoServer-RCE", "html_url": "https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE", "description": null, "stargazers_count": 0, "forks_count": 0, "created_at": "2024-07-12T07:01:12Z" } ]