A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function `deserialize` of the file `com/xxl/job/core/util/JdkSerializeTool.java` of the component `Template Handler`. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.

Affected Packages

Maven com.xuxueli:xxl-job-core

Affected versions: 0 (last affected: 2.4.0)

Related CVEs

CVE-2024-3366

Key Information

GHSA ID

GHSA-2v42-xp3j-47m4

Published

April 6, 2024 12:30 PM

Last Modified

May 23, 2025 6:32 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

com.xuxueli:xxl-job-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.