-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.xuxueli:xxl-job | maven | <= 2.2.0 |
Miggo AIRoot Cause AnalysisThe vulnerability description explicitly references UserController.java as the source of exposure. In typical Spring MVC implementations, controller methods mapped to endpoints handle data retrieval. The CWE-200 classification indicates unauthorized data exposure, suggesting the controller's list() method (or equivalent) returns user records containing sensitive fields without authentication/authorization checks. The high confidence stems from the direct reference to UserController.java in the advisory and the nature of the exposed data matching common user entity attributes.
JavaJavaOngoing coverage of React2Shell