Hutool

hutool

Vendor: Hutool • 15 CVEs

CVEs (15)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-56769 1Hutool 1Hutool Oct 3, 2025 Sep 25, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngin...Show more An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.Show less
CVE-2023-51080 1Hutool 1Hutool Sep 12, 2025 Dec 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVE-2023-51075 1Hutool 1Hutool Sep 5, 2025 Dec 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters...Show more hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.Show less
CVE-2023-42278 1Hutool 1Hutool Nov 21, 2024 Sep 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
CVE-2023-42277 1Hutool 1Hutool Nov 21, 2024 Sep 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
CVE-2023-42276 1Hutool 1Hutool Sep 12, 2025 Sep 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
CVE-2023-33695 1Hutool 1Hutool Nov 21, 2024 Jun 13, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVE-2023-24163 1Hutool 1Hutool May 16, 2025 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
CVE-2023-24162 1Hutool 1Hutool Mar 27, 2025 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
CVE-2022-4565 1Hutool 1Hutool Nov 21, 2024 Dec 16, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. Th...Show more A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.Show less
CVE-2022-45690 2Hutool Stleary 2Hutool Json Java Sep 25, 2025 Dec 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CVE-2022-45689 1Hutool 1Hutool Apr 22, 2025 Dec 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 hutool-json v5.8.10 was discovered to contain an out of memory error.
CVE-2022-45688 2Hutool Stleary 2Hutool Json Java Sep 19, 2025 Dec 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CVE-2022-22885 1Hutool 1Hutool Nov 21, 2024 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
CVE-2018-17297 1Hutool 1Hutool Nov 21, 2024 Sep 21, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.