Vulnerabilities > Hutool > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-27 | CVE-2023-51075 | Infinite Loop vulnerability in Hutool 5.8.23: hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. | 7.5 |
2023-12-27 | CVE-2023-51080 | Out-of-bounds Write vulnerability in Hutool 5.8.23: The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | 7.5 |
2023-09-08 | CVE-2023-42278 | Classic Buffer Overflow vulnerability in Hutool 5.8.21: hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | 7.5 |
2023-06-13 | CVE-2023-33695 | Incorrect Permission Assignment for Critical Resource vulnerability in Hutool: Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | 7.1 |
2022-12-16 | CVE-2022-4565 | Improper Resource Shutdown or Release vulnerability in Hutool: A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. | 7.5 |
2022-12-13 | CVE-2022-45688 | Out-of-bounds Write vulnerability in multiple products: A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 7.5 |
2022-12-13 | CVE-2022-45689 | Out-of-bounds Write vulnerability in Hutool 5.8.10: hutool-json v5.8.10 was discovered to contain an out of memory error. | 7.5 |
2022-12-13 | CVE-2022-45690 | Out-of-bounds Write vulnerability in Hutool 5.8.10: A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 7.5 |
2022-02-16 | CVE-2022-22885 | Improper Certificate Validation vulnerability in Hutool 5.7.18: Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 7.5 |