CVE-2021-41269

Improper Control of Generation of Code ('Code Injection') in maven/com.cronutils/cron-utils

Identifiers

CVE-2021-41269, GHSA-p9m8-27x8-rg87

Package Slug

maven/com.cronutils/cron-utils

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

cron-utils is a Java library to define, parse, validate, and migrate crons, as well as get human-readable descriptions for them. leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to are susceptible to this vulnerability.

Affected Versions

All versions before 9.1.6

Solution

Upgrade to version 9.1.6 or above.

Last Modified

2021-11-22
