10 matches found
Server Side Request Forgery (SSRF)
com.xuxueli, xxl-job-core is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation in the httpJobHandler function of SampleXxlJob.java, which allows an attacker to send crafted requests to internal or external systems remotely...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +229 more potentially affected by CVE-2025-7787 via com.xuxueli:xxl-job-core (>=1.8.2 <=3.1.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2025-7787 Source advisory: OSV:GHSA-F8VW-8VGH-22R9...
Insecure Permissions
com.xuxueli, xxl-job-core is vulnerable to Insecure Permissions. The vulnerability is due to improper access control and validation in the Sub-Task ID component. This allowing attackers to manipulate it to execute arbitrary code by crafting malicious input...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +185 more potentially affected by CVE-2024-42681 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2024-42681 Source advisory: OSV:GHSA-CPFP-M5QW-C4R3...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +171 more potentially affected by CVE-2024-3366 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.0)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.6.154 - cn.openjava:openjava-xxl-job-starter =2.0.0.1-alpha and more Source cves: CVE-2024-3366 Source advisory: OSV:GHSA-2V42-XP3J-47M4...
cn.allbs:allbs-bom (>=1.0.7 <=2.0.0), cn.allbs:allbs-xxl-job (>=1.0.6 <=2.0.1) +125 more potentially affected by CVE-2022-43183 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.3.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.2.RELEASE and more Source cves: CVE-2022-43183 Source advisory: OSV:GHSA-83W4-X5W9-HF4H...
Malicious Command Execution
xxl-job-core is vulnerable to malicious command execution. Lack of sanitization of new task in task management module of the background management allows an attacker to inject and execute malicious commands...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +53 more potentially affected by CVE-2022-40929 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.7.1 - com.gitee.zodiacstack:zodiac-xxljob-spring-boot-starter =1.5.16 - com.github.hiwepy:xxljob-spring-boot-starter =1.0.0.RELEASE -...
Cross-Site Request Forgery (CSRF)
XXL Job Core is vulnerable to cross-site request forgery. The vulnerability exists in xxl-job-admin component due to less restrictions of user permissions which allows an attacker to perform unauthorized actions...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +53 more potentially affected by CVE-2020-29204 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.7.1 - com.gitee.zodiacstack:zodiac-xxljob-spring-boot-starter =1.5.16 - com.github.hiwepy:xxljob-spring-boot-starter =1.0.0.RELEASE -...