CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

Information Disclosure

Hutool Core is vulnerable to Information Disclosure. The vulnerability exists in createTempFile function at FileUtil.java because the temporary file has insecure default permissions which allows an attacker to read the file on the system...

CVE-2023-33695

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...

CVE-2023-33695

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...

Hutool 安全漏洞

Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool v5.8.17 and earlier versions, which originates from an information disclosure vulnerability in the File.createTempFile function in /core/io/FileUtil.java...

CVE-2023-33695

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...

Path Traversal

uimaj-core is vulnerable to path traversal. The vulnerability is due to FileUtil.java, which allows an attacker to create files outside the designated target directory using carefully crafted zip file names...

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

Input validation

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

CVE-2022-20205

CVE-2022-20205 describes an information-disclosure issue in Android where isFileUri in FileUtil.java may bypass the file:// scheme check due to improper input validation. The vulnerability allows local information disclosure without extra privileges, with exploitation not requiring user interacti...