Vulnerabilities > Hutool > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-42276 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | network; low complexity; hutool; CWE-120; critical; 9.8 |
| 2023-09-08 | CVE-2023-42277 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | network; low complexity; hutool; CWE-120; critical; 9.8 |
| 2023-01-31 | CVE-2023-24162 | Deserialization of Untrusted Data vulnerability in Hutool 5.8.11: Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | network; low complexity; hutool; CWE-502; critical; 9.8 |
| 2023-01-31 | CVE-2023-24163 | SQL Injection vulnerability in Hutool: SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. | network; low complexity; hutool; CWE-89; critical; 9.8 |