Jmrozanec Cron-Utils vulnerabilities
2 known vulnerabilities affecting jmrozanec/cron-utils.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1
Vulnerabilities
CVE-2021-41269 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 9.1.6 | 2021-11-15
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions a template injection was identified in cron-utils, enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are
nvd
CVE-2020-26238 | P3 | HIGH | CVSS 8.1 | CWE-74 | fixed in 9.1.3 | 2020-11-25
Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using t
nvd