Maven package
com.xuxueli/xxl-job-core
pkg:maven/com.xuxueli/xxl-job-core
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7787 | Med | 6.3 | | <= 3.1.1 | — | Jul 18, 2025 | A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is p |
| CVE-2024-42681 | — | | | < 2.4.2 | 2.4.2 | Aug 15, 2024 | Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. |
| CVE-2024-3366 | — | | | <= 2.4.0 | — | Apr 6, 2024 | A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has |
| CVE-2022-43183 | — | | | < 2.4.0 | 2.4.0 | Nov 17, 2022 | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. |
| CVE-2022-40929 | — | | | <= 2.2.0 | — | Sep 28, 2022 | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users). |
| CVE-2020-29204 | — | | | < 2.3.0 | 2.3.0 | Dec 27, 2020 | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. |