AIKIDO-2024-10446

quartz is vulnerable to Remote Code Execution (RCE)

55

Medium

quartz java

AIKIDO-2024-10446: quartz is vulnerable to Remote Code Execution (RCE) in versions 2.1.4 - 2.3.2.

Remote Code Execution (RCE)
Vuln in 2.1.4 - 2.3.2
Fixed in 2.4.0
No CVE available
TL;DR

Affected versions of the package are vulnerable to remote code execution (RCE) when the "NativeJob" class from the "quartz-jobs" artifact is used. While this Job class can be used safely, it poses a risk for users who adopt it without considering the implications.

Who does this affect?

You're affected if you are using a version within the vulnerable range and your application uses the "NativeJob" class.

How can it be fixed?

Upgrade the quartz library to a patched version (2.4.0 or later).
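The advisory gives two conditions for exposure: a quartz version inside the vulnerable range and actual use of the NativeJob class. The following check, added here as an example and not part of the advisory or of the Quartz project, combines both against a dependency-tree dump and project source files. The Maven coordinates (org.quartz-scheduler:quartz, org.quartz-scheduler:quartz-jobs), the fully qualified class name org.quartz.jobs.NativeJob, and the sample inputs are assumptions constructed for the example; the version range comes from the advisory text.

```python
import re
from typing import Iterable

# Version range stated in the advisory: vulnerable 2.1.4 - 2.3.2, fixed in 2.4.0.
AFFECTED_MIN = (2, 1, 4)
AFFECTED_MAX = (2, 3, 2)

# Maven coordinates and class name are assumptions for this example,
# not taken from the advisory text.
QUARTZ_GROUP = "org.quartz-scheduler"
QUARTZ_ARTIFACT = "quartz"
JOBS_ARTIFACT = "quartz-jobs"
NATIVE_JOB_CLASS = "org.quartz.jobs.NativeJob"

# One line of `mvn dependency:tree` output, e.g.
# "[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile"
DEP_LINE = re.compile(
    r"([A-Za-z0-9_.\-]+):([A-Za-z0-9_.\-]+):jar:([A-Za-z0-9_.\-]+):(\w+)"
)


def parse_version(version: str) -> tuple:
    """Return the leading numeric components as a 3-tuple; qualifiers such as
    '.RELEASE' or '-SNAPSHOT' are ignored for the range comparison."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version: str) -> bool:
    """True if the quartz version falls inside the advisory's vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def find_dependencies(tree_text: str) -> dict:
    """Map 'group:artifact' -> version for every jar in a dependency tree dump."""
    found = {}
    for m in DEP_LINE.finditer(tree_text):
        group, artifact, version, _scope = m.groups()
        found[f"{group}:{artifact}"] = version
    return found


def uses_native_job(sources: Iterable[str]) -> bool:
    """True if any source text references NativeJob by import or simple name."""
    pattern = re.compile(r"\b" + re.escape(NATIVE_JOB_CLASS) + r"\b|\bNativeJob\b")
    return any(pattern.search(src) for src in sources)


def assess(tree_text: str, sources: Iterable[str]) -> dict:
    """Combine the version check with the NativeJob usage check; a project is
    only 'exposed' when both conditions from the advisory hold."""
    deps = find_dependencies(tree_text)
    quartz_version = deps.get(f"{QUARTZ_GROUP}:{QUARTZ_ARTIFACT}")
    affected = quartz_version is not None and is_affected(quartz_version)
    native = uses_native_job(sources)
    return {
        "quartz_version": quartz_version,
        "affected_version": affected,
        "quartz_jobs_present": f"{QUARTZ_GROUP}:{JOBS_ARTIFACT}" in deps,
        "uses_native_job": native,
        "exposed": affected and native,
    }


# Constructed sample input: a dependency tree and two Java source files.
SAMPLE_TREE = """\
[INFO] com.example:scheduler-app:jar:1.0.0
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] |  \\- com.zaxxer:HikariCP-java7:jar:2.4.13:compile
[INFO] +- org.quartz-scheduler:quartz-jobs:jar:2.3.2:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

SAMPLE_SOURCES = [
    "import org.quartz.jobs.NativeJob;\n"
    "public class Cleanup { JobDetail j = JobBuilder.newJob(NativeJob.class).build(); }",
    "public class Report implements Job { public void execute(JobExecutionContext c) {} }",
]

if __name__ == "__main__":
    print(assess(SAMPLE_TREE, SAMPLE_SOURCES))
```

Feed it the output of `mvn dependency:tree` (or an equivalent Gradle dump reformatted to the same `group:artifact:jar:version:scope` shape) plus the project's Java sources; a result with `affected_version` true but `uses_native_job` false still warrants the upgrade, since the advisory's fix is the version bump, but it is not the RCE exposure the TL;DR describes.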

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US