CVE-2023-33695
https://notcve.org/view.php?id=CVE-2023-33695
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. • https://github.com/dromara/hutool/issues/3103 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-24163
https://notcve.org/view.php?id=CVE-2023-24163
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. The SQL injection vulnerability in Dromara hutool v5.8.11 allows an attacker to execute arbitrary code via the aviator template engine. • https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868 https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link https://github.com/dromara/hutool/issues/3149 https://github.com/dromara/hutool/releases/tag/5.8.21 https://github.com/google/osv.dev/issues/2195 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-24162
https://notcve.org/view.php?id=CVE-2023-24162
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. • https://gitee.com/dromara/hutool/issues/I6AEX2 https://github.com/dromara/hutool/issues/2855 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-4565 – Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption
https://notcve.org/view.php?id=CVE-2022-4565
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dromara/hutool/issues/2797 https://vuldb.com/?id.215974 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-45689
https://notcve.org/view.php?id=CVE-2022-45689
hutool-json v5.8.10 was discovered to contain an out of memory error. • https://github.com/dromara/hutool/issues/2747 • CWE-787: Out-of-bounds Write •