VYPR

Maven package

cn.hutool/hutool-all

pkg:maven/cn.hutool/hutool-all

Vulnerabilities (3)

  • CVE-2023-24163Jan 31, 2023
    affected < 5.8.21fixed 5.8.21

    SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.

  • CVE-2023-24162Jan 31, 2023
    affected <= 5.8.11

    Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

  • CVE-2018-17297HigSep 21, 2018
    affected < 4.1.12fixed 4.1.12

    The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.