5 matches found
CVE-2023-24162
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...
art.rightbrain.tool.vega:vega_api (>=1.0.0 <=1.0.3), cc.autoapi.pucong:auto-flow-core-flow (>=2.0.0 <=2.0.9) +5080 more potentially affected by CVE-2023-24162 via cn.hutool:hutool-all (>=4.0.1 <=5.8.11)
cn.hutool:hutool-all MAVEN version =4.0.1, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.5.0, =0.1.0, =0.3.0, =0.5.0, =0.3.0, =0.3.0, =0.2.0, =0.2.0, =0.4.0, =0.8.0 and more Source cves: CVE-2023-24162 Source advisory: OSV:GHSA-77H8-5J3H-JCJF...
CVE-2023-24162
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...
CVE-2023-24162
CVE-2023-24162 is a deserialization vulnerability in Dromara Hutool v5.8.11. The issue allows an attacker to achieve arbitrary code execution through XmlUtil.readObjectFromXml. Connected sources confirm the product and vulnerable component, but the documents do not provide concrete exploit detail...
CVE-2023-24162
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...