2 matches found
CVE-2021-41269
CVE-2021-41269 affects cron-utils, a Java library for parsing and migrating cron expressions. The issue is a template injection flaw in cron-utils that enables an attacker to inject arbitrary Java EL expressions, leading to unauthenticated remote code execution. The vulnerability affects versions...
CVE-2020-26238
Cron-utils contains a template injection vulnerability (CVE-2020-26238) in versions before 9.1.3 that allows an attacker to inject arbitrary Java EL expressions and achieve unauthenticated RCE. The issue affects projects that validate untrusted Cron expressions using the @Cron annotation. Remedy:...