2 matches found
Remote Code Execution (RCE)
xxl-rpc-core is vulnerable to Remote Code Execution. The vulnerability exists because the server and client will invoke the pre-configured serialization processor for deserialization in the decode function of NettyDecoder.java without input validation, leading to remote code execution...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.com.365trade.oss:xxl-job-admin (>=2.2.1.1_zzlh <=2.2.1_zzlh) +31 more potentially affected by CVE-2023-33496 via com.xuxueli:xxl-rpc-core (>=1.2.0 <=1.6.0)
com.xuxueli:xxl-rpc-core MAVEN version =1.2.0, =1.0.0-RELEASE, =2.2.1.1zzlh, =2.2.1.1zzlh, =1.1.1, =2.1.1-RELEASE, =0.0.1, =0.0.1, =2.0.4, =2.0.4, =0.0.1, =2.0.5 and more Source cves: CVE-2023-33496 Source advisory: OSV:GHSA-C29G-Q3H3-MWCF...