Known exploited
OSGeo
CVE published 2024-06-26
CVE-2022-24816
CVE-2022-24816 is a code injection vulnerability in OSGeo JAI-EXT and is listed in CISA’s Known Exploited Vulnerabilities catalog. Because CISA has placed it in KEV, organizations using JAI-EXT or products that bundle it should treat remediation as urgent. CISA notes that the patched JAI-EXT release is 1.1.22 and advises applying vendor mitigations or discontinuing use if mitigations are not available.