Xuxueli: >> Xxl-Job >> 2.4.1 Security Vulnerabilities
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-08-15
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-04-06
xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-08
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-26
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10