40 matches found
CVE-2024-12358
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-12358 WeiYe-Jing datax-web add os command injection
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-12358 WeiYe-Jing datax-web add os command injection
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-12358 WeiYe-Jing datax-web add os command injection
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-12358
WeiYe-Jing datax-web 2.1.1 is affected by an OS command injection in the glueSource parameter of /api/job/add/. The vulnerability, described as critical, can be triggered remotely and has been disclosed publicly. Affected component is the /api/job/add/ processing logic; root cause is input manipu...
DataX-Web 安全漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. A security vulnerability exists in DataX-Web version 2.1.1, which stems from an operating system command injection vulnerability in the glueSource parameter of the /api/job/add/ file...
CVE-2023-7116
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
Command injection
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
CVE-2023-7116 WeiYe-Jing datax-web HTTP POST Request killJob os command injection
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
CVE-2023-7116
WeiYe-Jing datax-web 2.1.2 is affected by an OS command injection in the HTTP POST handler for /api/log/killJob, via manipulation of the processId parameter. The issue can be exploited remotely and has been disclosed publicly. Remediation recommended in connected templates is to update to a newer...
CVE-2023-7116 WeiYe-Jing datax-web HTTP POST Request killJob os command injection
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
PT-2023-32884 · Weiye Jing · Datax-Web
Name of the Vulnerable Software and Affected Versions: WeiYe-Jing datax-web version 2.1.2 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /api/log/killJob. The manipulation of the processId...
DataX-Web Operating System Command Injection Vulnerability
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. An OS command injection vulnerability exists in DataX-Web version 2.1.2, which originates from the presence of some unknown functions in /api/log/killJob in the component HTTP POST Reques...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
CVE-2022-46478
The CVE-2022-46478 issue affects datax-web v1.0.0 and v2.0.0 through v2.1.2. The RPC interface does not perform default permission checks, enabling an attacker to execute arbitrary commands by sending crafted Hessian-serialized data. Impact is described as remote command execution over the networ...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
PT-2023-14939 · Datax-Web · Datax-Web
Name of the Vulnerable Software and Affected Versions: datax-web versions 1.0.0 through 2.1.2 Description: The issue concerns the RPC interface in datax-web, which lacks permission checks by default. This allows attackers to execute arbitrary commands by sending crafted Hessian serialized data...
DataX-Web 代码问题漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developers. A security vulnerability exists in DataX-Web v1.0.0 and v2.0.0 to v2.1.2, which stems from the fact that its RPC interface does not perform privilege checking by default, allowing an...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...