4 matches found
CVE-2024-3366
creationtimestamp| type| source ---|---|--- 2025-07-04 11:01:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114794620052697504...
CVE-2024-3366
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +171 more potentially affected by CVE-2024-3366 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.0)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.6.154 - cn.openjava:openjava-xxl-job-starter =2.0.0.1-alpha and more Source cves: CVE-2024-3366 Source advisory: OSV:GHSA-2V42-XP3J-47M4...
CVE-2024-3366
Xuxueli XXL-Job up to 2.4.1 contains a Template Handler deserialization vulnerability in com/xxl/job/core/util/JdkSerializeTool.java that enables template-injection via manipulated byte arrays. The flaw allows injection due to lack of sanitization in deserialize(), with exploitation disclosed pub...