Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Critical vulnerability found in cron-utils
Vulnerability Description
Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Cron Utils 注入漏洞
Vulnerability Description
Cron Utils是Jmrozanec个人开发者的一个用于验证、解析、迁移 Cron 表达式的Java代码库。 Cron-utils 9.1.3之前版本存在注入漏洞,攻击者可利用该漏洞能够注入任意的Java EL表达式,从而导致未经身份验证的远程代码执行(RCE)漏洞。只有使用@Cron注释验证不可信Cron表达式的项目才会受到影响。
CVSS Information
N/A
Vulnerability Type
N/A