Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/cn.hutool/hutool-all@4.1.2

Type maven

Namespace cn.hutool

Name hutool-all

Version 4.1.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.8.12

Latest_non_vulnerable_version 5.8.21

Affected_by_vulnerabilities

url VCID-kws5-vmk8-nkgh

vulnerability_id VCID-kws5-vmk8-nkgh

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24163

reference_id

reference_type

scores

value	0.00454
scoring_system	epss
scoring_elements	0.63773
published_at	2026-04-07T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63852
published_at	2026-04-18T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63843
published_at	2026-04-16T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63807
published_at	2026-04-13T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63855
published_at	2026-04-11T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63841
published_at	2026-04-21T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63789
published_at	2026-04-02T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63816
published_at	2026-04-04T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63824
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24163

reference_url

https://gitee.com/dromara/hutool

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://gitee.com/dromara/hutool

reference_url

https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:41:45Z/

url

https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868

reference_url

https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:41:45Z/

url

https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link

reference_url

https://github.com/dromara/hutool/issues/3149

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:41:45Z/

url

https://github.com/dromara/hutool/issues/3149

reference_url

https://github.com/dromara/hutool/releases/tag/5.8.21

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:41:45Z/

url

https://github.com/dromara/hutool/releases/tag/5.8.21

reference_url

https://github.com/google/osv.dev/issues/2195

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:41:45Z/

url

https://github.com/google/osv.dev/issues/2195

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24163

reference_id

CVE-2023-24163

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24163

reference_url

https://github.com/advisories/GHSA-6c25-cxcc-pmc4

reference_id

GHSA-6c25-cxcc-pmc4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6c25-cxcc-pmc4

fixed_packages

url	pkg:maven/cn.hutool/hutool-all@5.8.12
purl	pkg:maven/cn.hutool/hutool-all@5.8.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-all@5.8.12

url	pkg:maven/cn.hutool/hutool-all@5.8.21
purl	pkg:maven/cn.hutool/hutool-all@5.8.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-all@5.8.21

aliases CVE-2023-24163, GHSA-6c25-cxcc-pmc4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kws5-vmk8-nkgh

url VCID-r6jz-gmx9-m3g4

vulnerability_id VCID-r6jz-gmx9-m3g4

summary

Deserialization of Untrusted Data
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24162

reference_id

reference_type

scores

value	0.00836
scoring_system	epss
scoring_elements	0.74615
published_at	2026-04-04T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74665
published_at	2026-04-21T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74674
published_at	2026-04-18T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74667
published_at	2026-04-16T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.7463
published_at	2026-04-13T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74638
published_at	2026-04-12T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74658
published_at	2026-04-11T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74635
published_at	2026-04-09T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74621
published_at	2026-04-08T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74588
published_at	2026-04-02T12:55:00Z

value	0.00836
scoring_system	epss
scoring_elements	0.74589
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24162

reference_url

https://gitee.com/dromara/hutool

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://gitee.com/dromara/hutool

reference_url

https://gitee.com/dromara/hutool/issues/I6AEX2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:44:34Z/

url

https://gitee.com/dromara/hutool/issues/I6AEX2

reference_url

https://github.com/dromara/hutool/issues/2855

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:44:34Z/

url

https://github.com/dromara/hutool/issues/2855

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24162

reference_id

CVE-2023-24162

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24162

reference_url

https://github.com/advisories/GHSA-77h8-5j3h-jcjf

reference_id

GHSA-77h8-5j3h-jcjf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77h8-5j3h-jcjf

fixed_packages

url	pkg:maven/cn.hutool/hutool-all@5.8.12
purl	pkg:maven/cn.hutool/hutool-all@5.8.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-all@5.8.12

aliases CVE-2023-24162, GHSA-77h8-5j3h-jcjf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6jz-gmx9-m3g4

url VCID-wxa6-9nyj-93av

vulnerability_id VCID-wxa6-9nyj-93av

summary The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17297

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62275
published_at	2026-04-21T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62217
published_at	2026-04-04T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62184
published_at	2026-04-07T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62234
published_at	2026-04-08T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62251
published_at	2026-04-09T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6227
published_at	2026-04-11T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62259
published_at	2026-04-12T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62238
published_at	2026-04-13T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62283
published_at	2026-04-16T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6229
published_at	2026-04-18T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62126
published_at	2026-04-01T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62187
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17297

reference_url

https://github.com/looly/hutool

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/looly/hutool

reference_url	https://github.com/looly/hutool/commit/8d7d0b7fb5ea4f7447b40131bffc1ec506a6528e
reference_id
reference_type
scores
url	https://github.com/looly/hutool/commit/8d7d0b7fb5ea4f7447b40131bffc1ec506a6528e

reference_url	https://github.com/looly/hutool/commit/9f8a801c7b98b75ee681c0988e1a58bcfdc21756
reference_id
reference_type
scores
url	https://github.com/looly/hutool/commit/9f8a801c7b98b75ee681c0988e1a58bcfdc21756

reference_url	https://github.com/looly/hutool/commit/fed1a1f747a9308e2f65f8dbbff05ce62478ecc0
reference_id
reference_type
scores
url	https://github.com/looly/hutool/commit/fed1a1f747a9308e2f65f8dbbff05ce62478ecc0

reference_url

https://github.com/looly/hutool/issues/162

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/looly/hutool/issues/162

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17297

reference_id

CVE-2018-17297

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17297

reference_url

https://github.com/advisories/GHSA-rhq2-2574-78mc

reference_id

GHSA-rhq2-2574-78mc

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rhq2-2574-78mc

fixed_packages

url pkg:maven/cn.hutool/hutool-all@4.1.12

purl pkg:maven/cn.hutool/hutool-all@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kws5-vmk8-nkgh

vulnerability	VCID-r6jz-gmx9-m3g4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-all@4.1.12

aliases CVE-2018-17297, GHSA-rhq2-2574-78mc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxa6-9nyj-93av

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-all@4.1.2

Package Instance