Walter

**Name of the Vulnerable Software and Affected Versions** WeiYe-Jing datax-web version 2.1.2 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /api/log/killJob. The manipulation of the `processId` argument leads to os command injection. This issue can be exploited remotely. **Recommendations** For WeiYe-Jing datax-web version 2.1.2, consider disabling the `/api/log/killJob` endpoint until a patch is available to prevent os command injection attacks. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `processId` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.