
4 matches found

RedHat Linux
added 2022/02/21 6:22 p.m., 4 views

cron-utils: Template Injection leading to unauthenticated Remote Code Execution

A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...

CVSS: 10 | AI score: 7.4 | EPSS: 0.04047
Exploits: 1 | References: 4
OSV
added 2021/11/15 11:27 p.m., 0 views

GHSA-P9M8-27X8-RG87 Critical vulnerability found in cron-utils

Impact: A Template Injection was identified in cron-utils, enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron...

CVSS: 10 | AI score: 7.4 | EPSS: 0.04047
Exploits: 1 | References: 6
RedHat Linux
added 2021/08/18 9:13 a.m., 2 views

cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

A flaw was found in cron-utils. End applications that pass unsanitized user input to be parsed by the @Cron annotation can allow an attacker to execute arbitrary Java EL expressions, which are implicitly executed by the constraint validator. The highest threat from this...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.04204
Exploits: 1 | References: 4
CNNVD
added 2020/11/24 12:00 a.m., 4 views

Cron Utils Injection Vulnerability

Cron Utils is a Java codebase for authenticating, parsing, and migrating Cron expressions from the individual developers at Jmrozanec. An injection vulnerability exists in Cron-utils versions prior to 9.1.3, which an attacker can exploit to inject arbitrary Java EL expressions,...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.04204
Exploits: 1 | References: 19