CVE-2024-42681: Improper Preservation of Permissions in xxl-job

August 15, 2024

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.

References

github.com/advisories/GHSA-cpfp-m5qw-c4r3
github.com/xuxueli/xxl-job
github.com/xuxueli/xxl-job/issues/3516
nvd.nist.gov/vuln/detail/CVE-2024-42681

Detect and mitigate CVE-2024-42681 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →