CVE-2023-39017

Severity

8.8

Description

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.

Mitigation

There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39017

https://github.com/advisories/GHSA-9jc9-7p44-pm6c

Project

Category

n/a

Tags

data

Date Disclosed

2023-07-28

Date Discovered

2023-07-25

Apache TomEE 1.5.x

First release:

2012-09-28

0

Support Lifecycle:

Namespace:

javax

1.5.0 1.5.1 1.5.2

Apache TomEE 1.0.x

First release:

2012-04-27

0

Support Lifecycle:

Namespace:

javax

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.