Lucene search
+L

40 matches found

nvd
nvd
added 2024/12/09 5:15 a.m.16 views

CVE-2024-12358

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

8.8CVSS0.04942EPSS
Exploits1References4
cvelist
cvelist
added 2024/12/09 4:31 a.m.27 views

CVE-2024-12358 WeiYe-Jing datax-web add os command injection

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.04942EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/12/09 4:31 a.m.8 views

CVE-2024-12358 WeiYe-Jing datax-web add os command injection

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS7.7AI score0.04942EPSS
Exploits1References4
osv
osv
added 2024/12/09 4:31 a.m.6 views

CVE-2024-12358 WeiYe-Jing datax-web add os command injection

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS6.4AI score0.04942EPSS
Exploits1References6
cve
cve
added 2024/12/09 4:31 a.m.92 views

CVE-2024-12358

WeiYe-Jing datax-web 2.1.1 is affected by an OS command injection in the glueSource parameter of /api/job/add/. The vulnerability, described as critical, can be triggered remotely and has been disclosed publicly. Affected component is the /api/job/add/ processing logic; root cause is input manipu...

8.8CVSS6.9AI score0.04942EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2024/12/09 12:0 a.m.9 views

DataX-Web 安全漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. A security vulnerability exists in DataX-Web version 2.1.1, which stems from an operating system command injection vulnerability in the glueSource parameter of the /api/job/add/ file...

8.8CVSS6.8AI score0.04942EPSS
Exploits1References4
nvd
nvd
added 2023/12/27 4:15 p.m.15 views

CVE-2023-7116

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

9.8CVSS0.09901EPSS
Exploits1References3
prion
prion
added 2023/12/27 4:15 p.m.15 views

Command injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

6.5CVSS7.8AI score0.09901EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2023/12/27 3:31 p.m.27 views

CVE-2023-7116 WeiYe-Jing datax-web HTTP POST Request killJob os command injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

6.5CVSS10AI score0.09901EPSS
Exploits1References3
cve
cve
added 2023/12/27 3:31 p.m.88 views

CVE-2023-7116

WeiYe-Jing datax-web 2.1.2 is affected by an OS command injection in the HTTP POST handler for /api/log/killJob, via manipulation of the processId parameter. The issue can be exploited remotely and has been disclosed publicly. Remediation recommended in connected templates is to update to a newer...

9.8CVSS8.4AI score0.09901EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/12/27 3:31 p.m.18 views

CVE-2023-7116 WeiYe-Jing datax-web HTTP POST Request killJob os command injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

6.3CVSS6.5AI score0.09901EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2023/12/27 12:0 a.m.10 views

PT-2023-32884 · Weiye Jing · Datax-Web

Name of the Vulnerable Software and Affected Versions: WeiYe-Jing datax-web version 2.1.2 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /api/log/killJob. The manipulation of the processId...

9.8CVSS7AI score0.09901EPSS
Exploits1References10
cnnvd
cnnvd
added 2023/12/27 12:0 a.m.8 views

DataX-Web Operating System Command Injection Vulnerability

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. An OS command injection vulnerability exists in DataX-Web version 2.1.2, which originates from the presence of some unknown functions in /api/log/killJob in the component HTTP POST Reques...

9.8CVSS7.6AI score0.09901EPSS
Exploits1References4
nvd
nvd
added 2023/01/13 1:15 a.m.29 views

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...

9.8CVSS9.8AI score0.01091EPSS
Exploits1References1
cve
cve
added 2023/01/13 12:0 a.m.59 views

CVE-2022-46478

The CVE-2022-46478 issue affects datax-web v1.0.0 and v2.0.0 through v2.1.2. The RPC interface does not perform default permission checks, enabling an attacker to execute arbitrary commands by sending crafted Hessian-serialized data. Impact is described as remote command execution over the networ...

9.8CVSS9.6AI score0.01091EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2023/01/13 12:0 a.m.5 views

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...

9.8AI score0.01091EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/01/13 12:0 a.m.4 views

PT-2023-14939 · Datax-Web · Datax-Web

Name of the Vulnerable Software and Affected Versions: datax-web versions 1.0.0 through 2.1.2 Description: The issue concerns the RPC interface in datax-web, which lacks permission checks by default. This allows attackers to execute arbitrary commands by sending crafted Hessian serialized data...

9.8CVSS9.8AI score0.01091EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/01/13 12:0 a.m.4 views

DataX-Web 代码问题漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developers. A security vulnerability exists in DataX-Web v1.0.0 and v2.0.0 to v2.1.2, which stems from the fact that its RPC interface does not perform privilege checking by default, allowing an...

9.8CVSS8.8AI score0.01091EPSS
Exploits1References2
cvelist
cvelist
added 2023/01/13 12:0 a.m.27 views

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...

10AI score0.01091EPSS
Exploits1References1
osv
osv
added 2023/01/13 12:0 a.m.17 views

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...

9.8CVSS7.7AI score0.01091EPSS
Exploits1References3
Rows per page
Query Builder