Submit #308180: xuxueli xxl-job <= 2.4.1 Template injection vulnerability

Title: xuxueli xxl-job <= 2.4.1 Template injection vulnerability
Description: XXLJOB has a template injection vulnerability. In the latest version, the FreeMarker version is 2.3.32. The attacker can use the tool class in the core library (COM/XXL/JOB/CORE/UTIL/Scriptutil.java) to write a template file containing a malicious expression; when the page is then visited, it is rendered, causing command execution.
Source: https://github.com/xuxueli/xxl-job/issues/3391
User: qqwp220 (UID 67158)
Submission: 01/04/2024 10:15 (2 years ago)
Moderation: 05/04/2024 10:15 (4 days later)
Status: Accepted
VulDB entry: 259480 [Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize privilege escalation]
Points: 19
