CVE-2023-33779

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/com.xuxueli/xxl-job

Identifiers

CVE-2023-33779, GHSA-9mmj-64jh-ph9c

Package Slug

maven/com.xuxueli/xxl-job

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.

Affected Versions

All versions up to 2.4.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-05-29
