A vulnerability has been located in the GeoTools Library that allows SQL Injection using OGC Filter and Function expressions.
Patched releases: