[Critical] PowerJob<=4.3.3 Remote Code Execution Vulnerability

News 2023-08-06 20:34:07 views: null

 Vulnerability description

PowerJob is an open source distributed task scheduling framework.

Since PowerJob does not authenticate the gateway, in versions 4.3.3 and earlier, an unauthorized attacker can send a maliciously constructed instanceId parameter to the /instance/detail endpoint to remotely execute arbitrary code.

Vulnerability name

PowerJob<=4.3.3 Remote Code Execution Vulnerability
Vulnerability type code injection
Discovery time 2023/7/29
Vulnerability Breadth generally
MPS number MPS-z718-rwub
CVE number CVE-2023-37754
CNVD number -


Sphere of influence

Foxit PDF Reader@[12.1.2.15332, 12.1.3)

Repair plan

Upgrade the component Foxit PDF Reader to 12.1.3 or later

reference link

OSCS | Open source software supply chain security community | Make every open source project more secure

NVD - CVE-2023-37754

Full version Remote Command Execution · Issue #675 · PowerJob/PowerJob · GitHub

PowerJob Remote Command/Code Execution - novy's Blog

About Murphy Security 

Murphy Security is a technology company that provides you with professional software supply chain security management. The core team comes from Baidu, Huawei, Wuyun and other enterprises. The company provides customers with a complete software supply chain security management platform, and provides software with a full life cycle around SBOM Security management, platform capabilities include software component analysis, source security management, container image detection, vulnerability intelligence early warning and commercial software supply chain access assessment and other products. Provide customers with complete control capabilities from supply chain asset identification management, risk detection, security control, and one-key repair.

Open source project: https://github.com/murphysecurity/murphysec/?sf=qbyj

The product can be integrated with various tools in the existing development process at a very low cost, including seamless integration with dozens of tools such as IDE, Gitlab, Bitbucket, Jenkins, Harbor, and Nexus.

Free code security detection tool:  https://www.murphysec.com/?sf=qbyj
Free intelligence subscription: https://www.oscs1024.com/cm/?sf=qbyj


Guess you like

Origin blog.csdn.net/murphysec/article/details/132037218
Recommended
The “35-year-old curse” of Chinese coders
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Ranking
Methods and Practices of Manufacturing Data Quality Improvement
Serial port upgrade program for efficient transmission of large firmware
Use KITTI to run LIOSAM and complete the EVO evaluation
Calling methods on string literals (Java)
ActiveMQ and Spring integration (4)
You have to know the HTTPS! ! !
PAT whether Structures and Algorithms 7-4 with a binary search tree (40 rows streamlined structure)
el-upload brings request background
UVA - 1204 Fun Game-like pressure dp
2019-12-28
Daily
More
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)

Code World

© 2018 codetd.com