snyk scan of the latest version xxl-job-core-2.4.1: vulnerability details #3427

Open
AmbitionX opened this issue Apr 19, 2024 · 0 comments
AmbitionX commented Apr 19, 2024

Please answer some questions before submitting your issue. Thanks!

Which version of XXL-JOB are you using?

xxl-job-core-2.4.1.jar

Expected behavior

We hope the vulnerabilities that currently do not pass the scan will be fixed.

Actual behavior

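Our company uses snyk (a security platform with a large user base). The scan found that 2.4.1, which is the latest version as of the time this issue was posted, has two vulnerabilities that do not pass.
Vulnerability 1: Command injection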
image

Vulnerability 2: CSRF
image

Is there a plan to fix the vulnerabilities above?

AmbitionX changed the title from "synk scan of the latest version xxl-job-core-2.4.1: vulnerability details" to "snyk scan of the latest version xxl-job-core-2.4.1: vulnerability details" Apr 19, 2024