4 matches found
cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +838 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=5.0.0 <=5.8.4)
cn.hutool:hutool-extra MAVEN version =5.0.0, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-56769...
cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +865 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=4.5.11 <=5.8.4)
cn.hutool:hutool-extra MAVEN version =4.5.11, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-5676...
CVE-2025-56769
An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...
CVE-2025-56769
CVE-2025-56769 affects chinabugotech Hutool (hutool/ hutool-extra) prior to version 5.8.4 (and related advisories mention 5.8.40) due to insecure handling in the QLExpressEngine . The issue lets an attacker craft expressions that cause arbitrary method invocation, enabling potential remote code e...