Lucene search
K

29 matches found

OSV
OSV
added 2023/01/31 6:30 p.m.2 views

GHSA-77H8-5J3H-JCJF Dromara Hutool Deserialization of Untrusted Data vulnerability

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

9.8CVSS6.2AI score0.0127EPSS
Exploits1References4
NVD
NVD
added 2023/01/31 4:15 p.m.15 views

CVE-2023-24162

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

9.8CVSS9.6AI score0.0127EPSS
Exploits1References2
Prion
Prion
added 2023/01/31 4:15 p.m.13 views

Deserialization of untrusted data

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

7.5CVSS9.7AI score0.0127EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/01/31 12:0 a.m.158 views

CVE-2023-24162

CVE-2023-24162 is a deserialization vulnerability in Dromara Hutool v5.8.11. The issue allows an attacker to achieve arbitrary code execution through XmlUtil.readObjectFromXml. Connected sources confirm the product and vulnerable component, but the documents do not provide concrete exploit detail...

9.8CVSS9.6AI score0.0127EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.5 views

Hutool 代码问题漏洞

Hutool is a small but comprehensive Java tool library from the Chinese Dromara community. A security vulnerability exists in Dromara Hutool version v5.8.11. An attacker can exploit this vulnerability to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

9.8CVSS8.9AI score0.0127EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/01/31 12:0 a.m.5 views

PT-2023-19450 · Dromara · Dromara Hutool

Name of the Vulnerable Software and Affected Versions: Dromara Hutool version 5.8.11 Description: A deserialization issue allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. This enables the attacker to potentially gain control over the system. Recommendation...

9.8CVSS9.7AI score0.0127EPSS
Exploits1References7
OSV
OSV
added 2023/01/31 12:0 a.m.17 views

CVE-2023-24162

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

9.8CVSS9.7AI score0.0127EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/01/31 12:0 a.m.7 views

CVE-2023-24162

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter...

9.6AI score0.0127EPSS
Exploits1References2
ossfuzz
ossfuzz
added 2018/12/23 6:36 a.m.21 views

tinyxml2/xmltest: Use-of-uninitialized-value in tinyxml2::XMLUtil::StringEqual

Project: https://github.com/leethomason/tinyxml2.git Detailed report: https://oss-fuzz.com/testcase?key=5763247731376128 Project: tinyxml2 Fuzzer: libFuzzerxmltest Fuzz target binary: xmltest Job Type: libfuzzermsantinyxml2 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder