Lucene search
China National Vulnerability DatabaseCNVD-2023-67082HistoryAug 03, 2023 - 12:00 a.m.
PowerJob Command Execution Vulnerability
2023-08-0300:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
powerjob
command execution
vulnerability
version 4.3.3
arbitrary
parameter
instanceid
/instance/detail
constructor command special characters
unchecked
0.004 Low
EPSS
Percentile
73.4%
PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A command execution vulnerability exists in PowerJob version 4.3.3, which stems from the parameter instanceId of /instance/detail failing to properly filter constructor command special characters, commands, and so on. An attacker could use this vulnerability to cause arbitrary command execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| powerjob powerjob | eq | 4.3.3 |
Related
veracode
veracode
Remote Code Execution (RCE)
2023-08-02 09:02:09
osv
osv
Code injection in PowerJob
2023-07-28 15:30:23
CVE-2023-37754
2023-07-28 15:15:11
cve
cve
CVE-2023-37754
2023-07-28 15:15:11
prion
prion
Command injection
2023-07-28 15:15:00
github
github
Code injection in PowerJob
2023-07-28 15:30:23
cvelist
cvelist
CVE-2023-37754
2023-07-28 00:00:00
nvd
nvd
CVE-2023-37754
2023-07-28 15:15:11