An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-25
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-27
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-08
SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-01-31