An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-25
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-27
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-27