5 matches found
Remote Code Execution (RCE)
cn.hutool, hutool-extra is vulnerable to remote code execution RCE. The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...
cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +862 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=4.5.11 <=5.8.4)
cn.hutool:hutool-extra MAVEN version =4.5.11, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-5676...
cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +835 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=5.0.0 <=5.8.4)
cn.hutool:hutool-extra MAVEN version =5.0.0, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-56769...
cn.hutool:hutool-aop (>=4.0.0 <=4.1.11), cn.hutool:hutool-bloomFilter (>=4.0.0 <=4.1.11) +79 more potentially affected by CVE-2018-17297 via cn.hutool:hutool-core (>=4.0.0 <=4.1.11)
cn.hutool:hutool-core MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.1.11 and more Source cves: CVE-2018-17297 Source advisory: OSV:GHSA-RHQ2-2574-78MC...