5 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. • https://fbdhhhh47.github.io/2023/06/06/hutool-XXE https://vuldb.com/?ctiid.231626 https://vuldb.com/?id.231626 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. • https://github.com/dromara/hutool/issues/3103 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. La vulnerabilidad de inyección SQL en Dromara hutool v5.8.11 permite a un atacante ejecutar código arbitrario a través del motor de plantilla aviator. • https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868 https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link https://github.com/dromara/hutool/issues/3149 https://github.com/dromara/hutool/releases/tag/5.8.21 https://github.com/google/osv.dev/issues/2195 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dromara/hutool/issues/2797 https://vuldb.com/?id.215974 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. La función unzip en ZipUtil.java en Hutool en versiones anteriores a la 4.1.12 permite a los atacantes remotos sobrescribir archivos arbitrarios mediante secuencias de salto de directorio en un nombre de archivo en un archivo ZIP. • https://github.com/looly/hutool/issues/162 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •