CVE-2024-3366 | Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize injection (Issue 3391)

Posted by Angelo Barbosa | Apr 5, 2024 | CVE

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection.

This vulnerability was named CVE-2024-3366. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

CVE-2024-3366 | Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize injection (Issue 3391)

Related Posts

CVE-2024-8150 | ContiNew Admin 3.2.0 user sort sql injection

CVE-2023-47858 | Mattermost up to 8.1.6/9.0.4/9.1.3/9.2.2 Archived Public Channel deleted access control

CVE-2024-45458 | Spiffy Plugins Spiffy Calendar Plugin up to 4.9.13 on WordPress cross site scripting

CVE-2023-7106 | code-projects E-Commerce Website 1.0 product_details.php prod_id sql injection