The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2.
The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 16 Jul 2025 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache shardingsphere Elasticjob-ui |
|
CPEs | cpe:2.3:a:apache:shardingsphere_elasticjob-ui:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache shardingsphere Elasticjob-ui |
Thu, 06 Feb 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 06 Feb 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack. | |
Title | Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC | |
Weaknesses | CWE-913 | |
References |
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-02-06T16:25:45.921Z
Reserved: 2022-05-27T08:27:18.571Z
Link: CVE-2022-31764

Updated: 2025-02-06T16:24:36.286Z

Status : Analyzed
Published: 2025-02-06T15:15:10.610
Modified: 2025-07-16T01:00:27.987
Link: CVE-2022-31764

No data.

No data.