cn.hutool:hutool-json
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cn.hutool:hutool-json
- CVE-2022-45688 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.25 | 2022-12-13
vulnerable: 4.0.0 ... 5.8.9 (191 versions)
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
- CVE-2022-45689 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-13
vulnerable: 4.0.0 ... 5.8.9 (177 versions)
hutool-json v5.8.10 was discovered to contain an out of memory error.
- CVE-2022-45690 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.11 | 2022-12-13
vulnerable: 4.0.0 ... 5.8.9 (177 versions)
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
- CVE-2023-42276 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
- CVE-2023-42277 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
- CVE-2023-42278 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.22 | 2023-09-08
vulnerable: 4.0.0 ... 5.8.9 (188 versions)
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().