An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-25
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-27