| Title | xuxueli xxl-job <= 2.4.1 Template injection vulnerability |
|---|---|
| Description | XXLJOB has a template injection vulnerability. In the latest version, the FreeMarker version is 2.3.32. The attacker can use the tool class in the core library (COM/XXL/JOB/CORE/UTIL/Scriptutil.java) to write a template file containing a malicious expression; when this page is then visited, it is rendered, causing command execution. |
| Source | https://github.com/xuxueli/xxl-job/issues/3391 |
| User | qqwp220 (UID 67158) |
| Submission | 01.04.2024 10:15 (2 years ago) |
| Moderation | 05.04.2024 10:15 (4 days later) |
| Status | Accepted |
| VulDB Entry | 259480 [Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize privilege escalation] |
| Points | 19 |