CVE-2023-39017: Code Injection

Q: What is CVE-2023-39017?

CVE-2023-39017 is a code injection vulnerability in quartz-jobs 2.3.2 and below.

Q: How severe is CVE-2023-39017?

CVE-2023-39017 has a severity rating of 9.8, which is considered critical.

Q: Which software versions are affected by CVE-2023-39017?

Versions 2.3.2 and below of quartz-jobs are affected by CVE-2023-39017.

Q: How can CVE-2023-39017 be exploited?

CVE-2023-39017 can be exploited by passing an unchecked argument to the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute.

Q: Is there a fix available for CVE-2023-39017?

As of now, there is no official fix available for CVE-2023-39017. It is recommended to follow the discussion on the related GitHub issue for updates.

Published Jul 28, 2023

Updated

DISPUTED quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.

Affected Software

1 affected component

Softwareag Quartz<=2.3.2

Event History

Jul 28, 2023

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Disputed

03:15 PM

Frequently Asked Questions

What is CVE-2023-39017?

CVE-2023-39017 is a code injection vulnerability in quartz-jobs 2.3.2 and below.

How severe is CVE-2023-39017?

CVE-2023-39017 has a severity rating of 9.8, which is considered critical.

Which software versions are affected by CVE-2023-39017?

Versions 2.3.2 and below of quartz-jobs are affected by CVE-2023-39017.

How can CVE-2023-39017 be exploited?

CVE-2023-39017 can be exploited by passing an unchecked argument to the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute.

Is there a fix available for CVE-2023-39017?