6 matches found
GHSA-RXGF-R843-G53H hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray...
XML External Entity (XXE) Injection
cn.hutool:hutool-all and cn.hutool:hutool-core are vulnerable to XML external entity (XXE) injection attacks. The vulnerability exists in the readBySax function of XmlUtil.java due to the use of SAXParserFactory which allows an attacker to parse malicious DTDs as a result of an incorrectly configured...
GHSA-P2QF-9VP6-3JJQ HuTool XML parsing module has blind XXE vulnerability
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference...
GHSA-77H8-5J3H-JCJF Dromara Hutool Deserialization of Untrusted Data vulnerability
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...
Hutool Buffer Error Vulnerability
Hutool is a small but complete Java tool library for the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.10, which originates from a stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component, allowing an attacker to cause a denial of servic...
CVE-2018-17297
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...