cn.hutool:hutool-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package cn.hutool:hutool-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-51080 — CVSS 7.5 (high): The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVE-2023-42278 — CVSS 7.5 (high): hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
CVE-2023-51075 — CVSS 7.5 (high): hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows…
CVE-2018-17297 — CVSS 7.5 (high): The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal…
CVE-2023-33695 — CVSS 7.1 (high): Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at…
CVE-2023-3276 — CVSS 5.5 (medium): A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function…
CVE-2022-4565 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file…