Description
XXL-JOB 2.2.0 has a command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).
Remediation
References
https://github.com/xuxueli/xxl-job/issues/2979
Related Vulnerabilities
CVE-2020-7710 Vulnerability in npm package safe-eval
CVE-2022-29770 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-45868 Vulnerability in maven package com.h2database:h2
CVE-2021-44868 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts-upgradeable