Description
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.
References
- Exploit, Issue Tracking
- Permissions Required, VDB Entry
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 2.4.1 (excluding)
cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*
EPSS
Percentile: 29%
0.00107
Low
CVSS3: 3.5 Low
CVSS3: 9.8 Critical
CVSS2: 2.7 Low
Weaknesses
CWE-74
CWE-502
Related vulnerabilities
CVSS3: 3.5
github
almost 2 years ago
Xuxueli xxl-job template injection vulnerability