Lucene search
GoogleOSV:CVE-2021-41269HistoryNov 15, 2021 - 9:15 p.m.
CVE-2021-41269
2021-11-1521:15:07
Google
osv.dev
9
cve-2021-41269
cron-utils
java library
rce
vulnerability
remote code execution
security patch
version 9.1.6
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
Related
redhatcve
redhatcve
CVE-2021-41269
2021-11-18 15:03:35
veracode
veracode
Template Injection
2021-11-16 03:47:31
nvd
nvd
CVE-2021-41269
2021-11-15 21:15:07
prion
prion
Remote code execution
2021-11-15 21:15:00
github
github
Critical vulnerability found in cron-utils
2021-11-15 23:27:11
cve
cve
CVE-2021-41269
2021-11-15 21:15:07
osv
osv
Critical vulnerability found in cron-utils
2021-11-15 23:27:11
cvelist
cvelist
CVE-2021-41269 Unauthenticated remote code injection in cron-utils
2021-11-15 20:30:14
redhat
redhat