250 matches found
CVE-2022-45689
hutool-json v5.8.10 was discovered to contain an out of memory error...
CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
CVE-2022-45690
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
CVE-2022-22885
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer.deserializeFromArray function. By sending a...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )
Summary Multiple vulnerabilities over HuTool, JSON-java, CKEditor4, Bouncy Castle and Eclipse Jetty is affecting IBM Sterling Control Center v6.2.1.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is...
Security Bulletin: Vulnerabilities in JSON-java, Hutool and Jettison might affect IBM Storage Copy Data Management.
Summary IIBM Storage Copy Data Management can be affected by vulnerabilities in JSON-java, Hutool and Jettison . Vulnerabilities include a remote attacker could exploit these vulnerabilities to cause a denial of service as described by the CVEs in the "Vulnerability Details" section. Vulnerabilit...
Security Bulletin: IBM B2B Sterling Integrator is affected by Hutool's denial of service
Summary IBM B2B Sterling Integrator is affected by Hutool's denial of service Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this...
SUSE CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Hutool (CVE-2022-45688)
Summary IBM Sterling Partner Engagement Manager uses Hutool. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a special...
DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
Exploit for Out-of-bounds Write in Hutool
json.org CVE-2022-45688 false positive The project contains...
Exploit for Out-of-bounds Write in Hutool
json.org CVE-2022-45688 false positive The project contains...
Stack Overflow
cn.hutool: hutool-core is vulnerable to Stack Overflow Error. The vulnerability is due to a defect in the NumberUtil.toBigDecimal function which results in StackOverflowError when a NaN value is passed as an argument to the function. This eventually results in application crash resulting in Denia...
Stack Overflow
cn.hutoolhutool-core is vulnerable to Stack Overflow. The vulnerability is due to a infinite loop in the StrSplitter.splitByRegex method which results in a StackOverflow. This can eventually result in an application crash resulting in Denial Of Service DoS...
ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +2519 more potentially affected by CVE-2023-51075 via cn.hutool:hutool-core (>=4.0.0 <=5.8.23)
cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2023-51075 Source advisory: OSV:GHSA-7M7H-RGVP-3V4R...
GHSA-7M7H-RGVP-3V4R hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...
GHSA-M5HF-M3R2-XQ53 hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
The NumberUtil.toBigDecimal method in hutool-core was discovered to contain a stack overflow...
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
The NumberUtil.toBigDecimal method in hutool-core was discovered to contain a stack overflow...
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...