← Back to CVEs
CVE-2023-39017
CRITICAL9.8
Description
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/28/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
softwareag:quartz
Weaknesses (CWE)
CWE-94
References
https://github.com/quartz-scheduler/quartz/issues/943(cve@mitre.org)
https://github.com/quartz-scheduler/quartz/issues/943(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.