xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.

XXL-JOB vulnerable to Server-Side Request Forgery