CVE-2024-24113

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 15, 2024

CWE ID 918

Summary

CVE-2024-24113 is a Server-Side Request Forgery (SSRF) vulnerability affecting the xxl-job version below 2.4.1. This issue allows low-privileged users to manipulate the executor, potentially leading to Remote Code Execution (RCE). By crafting malicious SSRF requests, attackers can hijack the request handling process and execute arbitrary code on the affected system. This vulnerability poses a significant risk and requires immediate remediation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uRnPCx
https://www.cve.org/CVERecord?id=CVE-2024-24113
https://nvd.nist.gov/vuln/detail/CVE-2024-24113

Back to Vulnerability Database

CVE-2024-24113

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations