CVE-2024-42681: Improper Preservation of Permissions in xxl-job

August 15, 2024 (updated May 22, 2025)

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.

References

github.com/advisories/GHSA-cpfp-m5qw-c4r3
github.com/xuxueli/xxl-job
github.com/xuxueli/xxl-job/commit/a2dc9011310628f3e18c3a5095e7e6a946d017bd
github.com/xuxueli/xxl-job/issues/3516
nvd.nist.gov/vuln/detail/CVE-2024-42681

Code Behaviors & Features

Detect and mitigate CVE-2024-42681 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →