Maven package
cn.hutool/hutool-all
pkg:maven/cn.hutool/hutool-all
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-24163 | — | < 5.8.21 | 5.8.21 | Jan 31, 2023 | SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. | ||
| CVE-2023-24162 | — | <= 5.8.11 | — | Jan 31, 2023 | Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | ||
| CVE-2018-17297 | Hig | 7.5 | < 4.1.12 | 4.1.12 | Sep 21, 2018 | The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. |
- CVE-2023-24163Jan 31, 2023affected < 5.8.21fixed 5.8.21
SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
- CVE-2023-24162Jan 31, 2023affected <= 5.8.11
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
- affected < 4.1.12fixed 4.1.12
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.