Vulnerabilities > Hutool
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-27 | CVE-2023-51075 | Infinite Loop vulnerability in Hutool 5.8.23: hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. | 7.5 |
2023-12-27 | CVE-2023-51080 | Out-of-bounds Write vulnerability in Hutool 5.8.23: The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | 7.5 |
2023-09-08 | CVE-2023-42276 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | 9.8 |
2023-09-08 | CVE-2023-42277 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | 9.8 |
2023-09-08 | CVE-2023-42278 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | 7.5 |
2023-06-13 | CVE-2023-33695 | Incorrect Permission Assignment for Critical Resource vulnerability in Hutool: Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | 7.1 |
2023-01-31 | CVE-2023-24162 | Deserialization of Untrusted Data vulnerability in Hutool 5.8.11: Deserialization vulnerability in Dromara Hutool v5.8.11 allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | 9.8 |
2023-01-31 | CVE-2023-24163 | SQL Injection vulnerability in Hutool: SQL Injection vulnerability in Dromara hutool before 5.8.21 allows an attacker to execute arbitrary code via the aviator template engine. | 9.8 |
2022-12-16 | CVE-2022-4565 | Improper Resource Shutdown or Release vulnerability in Hutool: A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. | 7.5 |
2022-12-13 | CVE-2022-45688 | Out-of-bounds Write vulnerability in multiple products: A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 7.5 |