CVE-2023-33779, GHSA-9mmj-64jh-ph9c
maven/com.xuxueli/xxl-job
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
All versions up to 2.4.1
Unfortunately, there is no solution available yet.
2023-05-29
source |