Hutool Security Vulnerabilities and Issues — Hutool CVE List

Lucene search

HutoolHutool

8 matches found

CVE•added 2023/01/31 4:15 p.m.•144 views

CVE-2023-24162

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

9.8CVSS9.6AI score0.00151EPSS

CVE•added 2023/06/13 4:15 p.m.•133 views

CVE-2023-33695

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.

7.1CVSS6.7AI score0.00026EPSS

CVE•added 2023/01/31 4:15 p.m.•109 views

CVE-2023-24163

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.

9.8CVSS9.7AI score0.00116EPSS

CVE•added 2023/09/08 10:15 p.m.•98 views

CVE-2023-42278

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

7.5CVSS7.6AI score0.00368EPSS

CVE•added 2023/09/08 10:15 p.m.•97 views

CVE-2023-42276

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.

9.8CVSS9.7AI score0.00211EPSS

CVE•added 2023/09/08 10:15 p.m.•89 views

CVE-2023-42277

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.

9.8CVSS9.7AI score0.00211EPSS

CVE•added 2023/12/27 9:15 p.m.•53 views

CVE-2023-51075

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

7.5CVSS7.3AI score0.00141EPSS

CVE•added 2023/12/27 9:15 p.m.•41 views

CVE-2023-51080

The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.

7.5CVSS7.4AI score0.00078EPSS