Maven package
cn.hutool/hutool-json
pkg:maven/cn.hutool/hutool-json
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-42278 | — | < 5.8.22 | 5.8.22 | Sep 8, 2023 | hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | ||
| CVE-2023-42277 | — | <= 5.8.21 | — | Sep 8, 2023 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | ||
| CVE-2023-42276 | — | <= 5.8.21 | — | Sep 8, 2023 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | ||
| CVE-2022-45690 | — | < 5.8.11 | 5.8.11 | Dec 13, 2022 | A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | ||
| CVE-2022-45689 | — | <= 5.8.10 | — | Dec 13, 2022 | hutool-json v5.8.10 was discovered to contain an out of memory error. | ||
| CVE-2022-45688 | — | < 5.8.25 | 5.8.25 | Dec 13, 2022 | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |
- CVE-2023-42278Sep 8, 2023affected < 5.8.22fixed 5.8.22
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
- CVE-2023-42277Sep 8, 2023affected <= 5.8.21
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
- CVE-2023-42276Sep 8, 2023affected <= 5.8.21
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
- CVE-2022-45690Dec 13, 2022affected < 5.8.11fixed 5.8.11
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
- CVE-2022-45689Dec 13, 2022affected <= 5.8.10
hutool-json v5.8.10 was discovered to contain an out of memory error.
- CVE-2022-45688Dec 13, 2022affected < 5.8.25fixed 5.8.25
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.