exploitDog

CVE-2020-26238

Published: 25 Nov 2020
Source: nvd
CVSS3: 7.9
CVSS3: 8.1
CVSS2: 6.8
EPSS: Low

Description

Cron-utils is a Java library to parse, validate, and migrate cron expressions, as well as get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. It lets attackers inject arbitrary Java EL expressions, leading to unauthenticated remote code execution (RCE). Only projects using the @Cron annotation to validate untrusted cron expressions are affected. This issue was patched in version 9.1.3.

Vulnerable configurations

Configuration 1
cpe:2.3:a:cron-utils_project:cron-utils:*:*:*:*:*:*:*:*
Versions before 9.1.3 (excluding)

EPSS

Percentile: 91%
0.06488
Low

7.9 High

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Weaknesses

CWE-74

Related vulnerabilities

CVSS3: 8.1
redhat
about 5 years ago

Cron-utils is a Java library to parse, validate, and migrate cron expressions, as well as get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. It lets attackers inject arbitrary Java EL expressions, leading to unauthenticated remote code execution (RCE). Only projects using the @Cron annotation to validate untrusted cron expressions are affected. This issue was patched in version 9.1.3.

CVSS3: 7.9
github
about 5 years ago

Template injection in cron-utils
