30 matches found
Arbitrary Code Injection
aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...
CVE-2025-15246
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
EUVD-2025-205766
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246
Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...
PT-2025-53923
Name of the Vulnerable Software and Affected Versions aizuda snail-job versions up to 1.7.0 Description A flaw exists in the FurySerializer.deserialize function within the API component of aizuda snail-job. This issue involves the deserialization of the argsStr argument, potentially allowing for...
snail-job 代码问题漏洞
snail-job is a distributed task scheduling platform open source by aizuda. A code issue vulnerability exists in snail-job version 1.7.0 and earlier, which stems from a misuse of the parameter argsStr in the component API and could lead to a deserialization attack...
CVE-2025-14674
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the doEval function. An attacker can execute arbitrary code by injecting malicious expressions. Remediation Upgrade com.aizuda:snail-job-common-core to version 1.7.0-beta1 or higher. References - gitee...
EUVD-2025-203309
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
GHSA-3F8C-8H8V-P54H snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
com.aizuda:snail-job-client-common (>=1.0.0 <=1.10.0-beta1), com.aizuda:snail-job-client-job-core (>=1.0.0 <=1.10.0-beta1) +29 more potentially affected by CVE-2025-14674 via com.aizuda:snail-job-common-core (>=1.0.0-beta1 <=1.6.0)
com.aizuda:snail-job-common-core MAVEN version =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.0.0, =1.1.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0-beta1 and more Source cves: CVE-2025-14674 Source advisory: SNYK:JAVA-COMAIZUDA-14426463...
CVE-2025-14674
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
CVE-2025-14674 aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
CVE-2025-14674 aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...
CVE-2025-14674
CVE-2025-14674 affects aizuda snail-job up to 1.6.0. The vulnerability is in QLExpressEngine.doEval (snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java), enabling remote code injection due to improper handling of input. Ex...
PT-2025-51174
Name of the Vulnerable Software and Affected Versions aizuda snail-job versions up to 1.6.0 Description A flaw exists in the QLExpressEngine.doEval function within the snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java fil...