Vulnerabilities > Hutool

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-12-27 | CVE-2023-51075 | Infinite Loop vulnerability in Hutool 5.8.23 | hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. | network; low complexity; hutool; CWE-835; 7.5 |
| 2023-12-27 | CVE-2023-51080 | Out-of-bounds Write vulnerability in Hutool 5.8.23 | The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | network; low complexity; hutool; CWE-787; 7.5 |
| 2023-09-08 | CVE-2023-42276 | Classic Buffer Overflow vulnerability in Hutool 5.8.21 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | network; low complexity; hutool; CWE-120; critical; 9.8 |
| 2023-09-08 | CVE-2023-42277 | Classic Buffer Overflow vulnerability in Hutool 5.8.21 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | network; low complexity; hutool; CWE-120; critical; 9.8 |
| 2023-09-08 | CVE-2023-42278 | Classic Buffer Overflow vulnerability in Hutool 5.8.21 | hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | network; low complexity; hutool; CWE-120; 7.5 |
| 2023-06-13 | CVE-2023-33695 | Incorrect Permission Assignment for Critical Resource vulnerability in Hutool | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | local; low complexity; hutool; CWE-732; 7.1 |
| 2023-01-31 | CVE-2023-24162 | Deserialization of Untrusted Data vulnerability in Hutool 5.8.11 | Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | network; low complexity; hutool; CWE-502; critical; 9.8 |
| 2023-01-31 | CVE-2023-24163 | SQL Injection vulnerability in Hutool | SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. | network; low complexity; hutool; CWE-89; critical; 9.8 |
| 2022-12-16 | CVE-2022-4565 | Improper Resource Shutdown or Release vulnerability in Hutool | A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. | network; low complexity; hutool; CWE-404; 7.5 |
| 2022-12-13 | CVE-2022-45688 | Out-of-bounds Write vulnerability in multiple products | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | network; low complexity; hutool json-java-project; CWE-787; 7.5 |