VYPR
Low severityNVD Advisory· Published Apr 6, 2024· Updated Aug 21, 2024

Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection

CVE-2024-3366

Description

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.xuxueli:xxl-job-coreMaven
<= 2.4.0

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.