GHSA-m54f-rp6r-rrrm

Опубликовано: 29 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

XXL-JOB contains a Command execution vulnerability in background tasks

XXL-JOB versions 2.2.0 and prior contain a Command execution vulnerability in background tasks.

NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

Ссылки

Пакеты

Наименование

com.xuxueli:xxl-job-core

maven

Затронутые версииВерсия исправления

<= 2.2.0

Отсутствует

EPSS

Процентиль: 58%

0.00372

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-40929

Дефекты

CWE-78

Связанные уязвимости

CVE-2022-40929

CVSS3: 9.8

nvd

больше 3 лет назад

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

EPSS

Процентиль: 58%

0.00372

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-40929

Дефекты

CWE-78