| Title | xuxueli xxl-job <= 2.4.1 Template injection vulnerability |
|---|
| Description | XXLJOB has a template injection vulnerability. In the latest version, the FreeMarker version is 2.3.32. The attacker can use the tool class in the Core Library (CORE Library (COM/XXL/JOB/CORE/UTIL/Scriptutil.java) to write a malicious expression with a malicious expression The template file, and then when you visit this page, you will render the page, causing the command execution. |
|---|
| Source | ⚠️ https://github.com/xuxueli/xxl-job/issues/3391 |
|---|
| User | qqwp220 (UID 67158) |
|---|
| Submission | 04/01/2024 10:15 (2 years ago) |
|---|
| Moderation | 04/05/2024 10:15 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 259480 [Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize injection] |
|---|
| Points | 19 |
|---|