Описание
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xuxueli:xxl-job:2.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00372
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
XXL-JOB contains a Command execution vulnerability in background tasks
EPSS
Процентиль: 58%
0.00372
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78