CVE-2021-41269: Improper Control of Generation of Code ('Code Injection')
(updated )
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to are susceptible to this vulnerability.
References
- github.com/jmrozanec/cron-utils/commit/cfd2880f80e62ea74b92fa83474c2aabdb9899da
- github.com/jmrozanec/cron-utils/commit/d6707503ec2f20947f79e38f861dba93b39df9da
- github.com/jmrozanec/cron-utils/issues/461
- github.com/jmrozanec/cron-utils/security/advisories/GHSA-p9m8-27x8-rg87
- nvd.nist.gov/vuln/detail/CVE-2021-41269
Detect and mitigate CVE-2021-41269 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →