CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51075
https://notcve.org/view.php?id=CVE-2023-51075
27 Dec 2023 — hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters. Se descubrió que hutool-core v5.8.23 contenía un bucle infinito en la función StrSplitter.splitByRegex. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) mediante la manipulación de los dos primeros parámetros. • https://github.com/dromara/hutool/issues/3421 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51080
https://notcve.org/view.php?id=CVE-2023-51080
27 Dec 2023 — The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. Se descubrió que el método NumberUtil.toBigDecimal en hutool-core v5.8.23 contenía un desbordamiento de pila. • https://github.com/dromara/hutool/issues/3423 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42276
https://notcve.org/view.php?id=CVE-2023-42276
08 Sep 2023 — hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. Se descubrió que hutool v5.8.21 contenía un desbordamiento del búfer de memoria a través del componente jsonArray. • https://github.com/dromara/hutool/issues/3286 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42277
https://notcve.org/view.php?id=CVE-2023-42277
08 Sep 2023 — hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. Se descubrió que hutool v5.8.21 contenía un desbordamiento del búfer de memoria a través del componente jsonObject.putByPath. • https://github.com/dromara/hutool/issues/3285 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42278
https://notcve.org/view.php?id=CVE-2023-42278
08 Sep 2023 — hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). Se descubrió que hutool v5.8.21 contenía un desbordamiento del búfer de memoria a través del componente JSONUtil.parse(). • https://github.com/dromara/hutool/issues/3289 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33695
https://notcve.org/view.php?id=CVE-2023-33695
13 Jun 2023 — Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. • https://github.com/dromara/hutool/issues/3103 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-24162
https://notcve.org/view.php?id=CVE-2023-24162
31 Jan 2023 — Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. Vulnerabilidad de deserialización en Dromara Hutool v5.8.11 permite a un atacante ejecutar código arbitrario a través del parámetro XmlUtil.readObjectFromXml. • https://gitee.com/dromara/hutool/issues/I6AEX2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-24163
https://notcve.org/view.php?id=CVE-2023-24163
31 Jan 2023 — SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. La vulnerabilidad de inyección SQL en Dromara hutool v5.8.11 permite a un atacante ejecutar código arbitrario a través del motor de plantilla aviator. • https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4565 – Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption
https://notcve.org/view.php?id=CVE-2022-4565
16 Dec 2022 — A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dromara/hutool/issues/2797 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-45688
https://notcve.org/view.php?id=CVE-2022-45688
13 Dec 2022 — A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Un desbordamiento de pila en el componente XML.toJSONObject de hutool-json v5.8.10 permite a los atacantes provocar una Denegación de Servicio (DoS) a través de datos JSON o XML manipulados. • https://github.com/scabench/jsonorg-tp1 • CWE-787: Out-of-bounds Write •