GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
https://osgeo-org.atlassian.net/browse/GEOT-7725
https://nvd.nist.gov/vuln/detail/cve-2023-27867
https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7