9 matches found
Arbitrary Code Injection
aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...
CVE-2025-14674
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
GHSA-3F8C-8H8V-P54H snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the doEval function. An attacker can execute arbitrary code by injecting malicious expressions. Remediation Upgrade com.aizuda:snail-job-common-core to version 1.7.0-beta1 or higher. References - gitee...
EUVD-2025-203309
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
CVE-2025-14674
CVE-2025-14674 affects aizuda snail-job up to 1.6.0. The vulnerability is in QLExpressEngine.doEval (snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java), enabling remote code injection due to improper handling of input. Ex...
CVE-2025-14674 aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
PT-2025-51174
Name of the Vulnerable Software and Affected Versions aizuda snail-job versions up to 1.6.0 Description A flaw exists in the QLExpressEngine.doEval function within the snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java fil...