Aizuda Snail-Job Deserialization Vulnerability in Workflow-Task Management Module Allowing Remote Command Execution

A critical deserialization vulnerability has been identified in Aizuda Snail-Job version 1.4.0, specifically within the Workflow-Task Management Module. The issue arises in the 'getRuntime' function of the 'check-node-expression' workflow file. The vulnerability allows authenticated users to manipulate the 'nodeExpression' argument, leading to the execution of arbitrary commands on the server. This flaw can be exploited remotely, with the necessary technical details and a public proof-of-concept exploit available.

Impact

Exploitation of this vulnerability allows for remote command execution on the server where Aizuda Snail-Job is running.

Reproduction

To reproduce this vulnerability, an authenticated user can create a decision node in the Workflow-Task Management module. During the creation process, the user should input a crafted SpEL expression that includes a command to be executed, such as one that opens the calculator application. Once the expression is submitted, the application will execute the command on the server, demonstrating the vulnerability.

Remediation

It is recommended to update to a version of Aizuda Snail-Job that addresses this vulnerability. Users can check the official Gitee repository for the latest releases.