Description
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-6869 | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users). |
Github GHSA |
GHSA-m54f-rp6r-rrrm | XXL-JOB contains a Command execution vulnerability in background tasks |
References
| Link | Providers |
|---|---|
| https://github.com/xuxueli/xxl-job/issues/2979 |
|
History
Wed, 21 May 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-05-21T14:55:07.801Z
Reserved: 2022-09-19T00:00:00.000Z
Link: CVE-2022-40929
Updated: 2024-08-03T12:28:42.931Z
Status : Modified
Published: 2022-09-28T18:15:09.813
Modified: 2026-06-17T05:02:15.423
Link: CVE-2022-40929
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD
Github GHSA