| Title | xuxueli xxl-job <= 2.4.1 Template injection vulnerability |
|---|
| Description | XXLJOB has a template injection vulnerability. In the latest version, the FreeMarker version is 2.3.32. The attacker can use the tool class in the Core Library (CORE Library (COM/XXL/JOB/CORE/UTIL/Scriptutil.java) to write a malicious expression with a malicious expression The template file, and then when you visit this page, you will render the page, causing the command execution. |
|---|
| Source | ⚠️ https://github.com/xuxueli/xxl-job/issues/3391 |
|---|
| User | qqwp220 (ID 67158) |
|---|
| Submission | 2024-04-01 10:15 (2 months ago) |
|---|
| Moderation | 2024-04-05 10:15 (4 days later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 259480 |
|---|