cn.hutool:hutool-core
Maven
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cn.hutool:hutool-core
- CVE-2018-17297 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.1.12 | 2018-09-21
vulnerable: 4.0.0 ... 4.1.9 (25 versions)
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
- CVE-2022-4565 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 5.8.11 | 2022-12-16
vulnerable: 4.0.0 ... 5.8.9 (177 versions)
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be ini…
- CVE-2023-3276 | MEDIUM | CVSS 5.5 | EG 7.5 | 2023-06-15
vulnerable: 4.0.0 ... 5.8.9 (186 versions)
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to x…
- CVE-2023-33695 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 5.8.19 | 2023-06-13
vulnerable: 4.0.0 ... 5.8.9 (185 versions)
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
- CVE-2023-42276 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
- CVE-2023-42277 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
- CVE-2023-42278 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.22 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
- CVE-2023-51075 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.24 | 2023-12-27
vulnerable: 4.0.0 ... 5.8.9 (190 versions)
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
- CVE-2023-51080 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.25 | 2023-12-27
vulnerable: 5.8.22, 5.8.23, 5.8.24
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.