Title | xuxueli xxl-job <= 2.4.1 Template injection vulnerability |
---|
Description | XXLJOB has a template injection vulnerability. In the latest version, the FreeMarker version is 2.3.32. The attacker can use the tool class in the Core Library (CORE Library (COM/XXL/JOB/CORE/UTIL/Scriptutil.java) to write a malicious expression with a malicious expression The template file, and then when you visit this page, you will render the page, causing the command execution. |
---|
Source | ⚠️ https://github.com/xuxueli/xxl-job/issues/3391 |
---|
User | qqwp220 (ID 67158) |
---|
Submission | 2024-04-01 10:15 (2 months ago) |
---|
Moderation | 2024-04-05 10:15 (4 days later) |
---|
Status | Przyjęty |
---|
VulDB Entry | 259480 |
---|