Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2025/12/14 6:31 p.m.8 views

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

6.5CVSS6.9AI score0.00303EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/12/14 6:31 p.m.16 views

GHSA-3F8C-8H8V-P54H snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

6.3CVSS6.9AI score0.00303EPSS
Exploits0References8
NVD
NVD
added 2025/12/14 6:15 p.m.7 views

CVE-2025-14674

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

6.5CVSS0.00303EPSS
Exploits0References7
CVE
CVE
added 2025/12/14 6:2 p.m.19 views

CVE-2025-14674

CVE-2025-14674 affects aizuda snail-job up to 1.6.0. The vulnerability is in QLExpressEngine.doEval (snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java), enabling remote code injection due to improper handling of input. Ex...

6.5CVSS6.7AI score0.00303EPSS
Exploits0References7
Rows per page
Query Builder