github · unam4 · Apr 15, 2024 · Apr 15, 2024
diff --git a/advisories/github-reviewed/2024/04/GHSA-2v42-xp3j-47m4/GHSA-2v42-xp3j-47m4.json b/advisories/github-reviewed/2024/04/GHSA-2v42-xp3j-47m4/GHSA-2v42-xp3j-47m4.json
@@ -7,11 +7,11 @@
     "CVE-2024-3366"
   ],
   "summary": "Xuxueli xxl-job template injection vulnerability",
-  "details": "A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function `deserialize` of the file `com/xxl/job/core/util/JdkSerializeTool.java` of the component `Template Handler`. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.",
+  "details": "A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. The vulnerability is that freemarker version 2.3.32 is used, and an attacker can write a malicious template file, causing command execution.You can refer to the link https://github.com/xuxueli/xxl-job/issues/3391。\n![image](https://user-images.githubusercontent.com/66824584/322380097-f8cdde93-19cf-460c-a12e-745ffa80f9b7.png)\n![image](https://user-images.githubusercontent.com/66824584/322380150-29a86ec7-278d-432d-9389-7d115447aba9.png)\n",
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
     }
   ],
   "affected": [
@@ -69,7 +69,7 @@
     "cwe_ids": [
       "CWE-74"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-04-08T15:42:15Z",
     "nvd_published_at": "2024-04-06T11:15:08Z"