Alibaba Cloud scan reports Spring framework vulnerabilities #3598

Open
cnn007 opened this issue Dec 24, 2024 · 3 comments

cnn007 commented Dec 24, 2024

Please answer some questions before submitting your issue. Thanks!

Which version of XXL-JOB are you using?

v2.4.2

Expected behavior

Actual behavior

Steps to reproduce the behavior

Other information

image

cnn007 commented Dec 24, 2024

image
These 3 have been fixed; Alibaba has a cache.

lialzm commented Dec 25, 2024

My scan also reports them.

CVE-2024-38819

Software: xxl-job 2.4.2
Match: ["xxl-job extendField.access_token_configed equals false"]
Path: /app.jar(BOOT-INF/lib/xxl-job-core-2.4.2.jar)
Process ID: 102583

AVD-2023-1678172

Match: ["xxl-job extendField.access_token_configed equals false"]
Path: /app.jar(BOOT-INF/lib/xxl-job-core-2.4.2.jar)
Process ID: 102583

CVE-2024-38816

Software: spring 5.3.31
Match: ["spring version less than equals 5.3.39"]
Path: /app.jar(BOOT-INF/lib/spring-core-5.3.31.jar)
Process ID: 102583
