Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
Vulnerability Description
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
SnailJob 安全漏洞
Vulnerability Description
SnailJob是aizuda开源的一个灵活、可靠且高效的分布式任务重试和任务调度平台。 SnailJob 1.6.0及之前版本存在安全漏洞,该漏洞源于对文件snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java中函数QLExpressEngine.doEval的错误操作,可能导致注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A