CVE-2023-39017: Code Injection
First published: Fri Jul 28 2023(Updated: )
** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Softwareag Quartz | <=2.3.2 | |
| <=2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39017?
CVE-2023-39017 is a code injection vulnerability in quartz-jobs 2.3.2 and below.
How severe is CVE-2023-39017?
CVE-2023-39017 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2023-39017?
Versions 2.3.2 and below of quartz-jobs are affected by CVE-2023-39017.
How can CVE-2023-39017 be exploited?
CVE-2023-39017 can be exploited by passing an unchecked argument to the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute.
Is there a fix available for CVE-2023-39017?
As of now, there is no official fix available for CVE-2023-39017. It is recommended to follow the discussion on the related GitHub issue for updates.
- collector/nvd-index
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/status
- agent/first-publish-date
- agent/description
- collector/nvd-latest
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/softwareag
- canonical/softwareag quartz
- version/softwareag quartz/2.3.2