hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-27
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-06-13
SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-31