CVE-2024-3366 LOW

CVE-2024-3366: Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection

Vendor Xuxueli

Product xxl-job

Weakness CWE-74

Published April 6, 2024

Last update August 21, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

Description

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.

Key dates

Disclosure timeline

April 6, 2024 CVE published

August 21, 2024 Record updated

Identifiers

CVE CVE-2024-3366

CWE CWE-74

CVSS 3.5 / LOW

Affected versions

Vendor Xuxueli

Product xxl-job

Affected 2.4.0

Vendor Xuxueli

Product xxl-job

Affected 2.4.1