Spring Web UriComponentsBuilder URL解析不当漏洞（CVE-2024-22259）

Question

Spring Web UriComponentsBuilder URL解析不当漏洞（CVE-2024-22259）

Opened this issue 5 months ago · 0 comments

cnn007 commented 5 months ago

Please answer some questions before submitting your issue. Thanks!

Which version of XXL-JOB do you using?

v2.4.0

Expected behavior

Actual behavior

Steps to reproduce the behavior

Other information

软件：spring-web(jar) 5.3.25
路径：/app.jar(BOOT-INF/lib/spring-web-5.3.25.jar)
命中：spring-web(jar) version less than 5.3.33
容器名称：xxl-job-exec
镜像名称：xxl-job-executor:2024-04-08