Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/cn.hutool/hutool-core@5.8.12
Typemaven
Namespacecn.hutool
Namehutool-core
Version5.8.12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.25
Latest_non_vulnerable_version5.8.25
Affected_by_vulnerabilities
0
url VCID-296h-5dbq-dbf9
vulnerability_id VCID-296h-5dbq-dbf9
summary 
Improper Restriction of XML External Entity Reference
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but does not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3276
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35305
published_at 2026-04-08T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35377
published_at 2026-04-04T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.3526
published_at 2026-04-07T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.3535
published_at 2026-04-02T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35329
published_at 2026-04-09T12:55:00Z
5
value 0.00158
scoring_system epss
scoring_elements 0.36644
published_at 2026-04-11T12:55:00Z
6
value 0.00158
scoring_system epss
scoring_elements 0.36632
published_at 2026-04-16T12:55:00Z
7
value 0.00158
scoring_system epss
scoring_elements 0.36586
published_at 2026-04-13T12:55:00Z
8
value 0.00158
scoring_system epss
scoring_elements 0.3661
published_at 2026-04-12T12:55:00Z
9
value 0.00158
scoring_system epss
scoring_elements 0.36554
published_at 2026-04-21T12:55:00Z
10
value 0.00158
scoring_system epss
scoring_elements 0.36614
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3276
1
reference_url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE
2
reference_url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/
3
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
4
reference_url https://vuldb.com/?ctiid.231626
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://vuldb.com/?ctiid.231626
5
reference_url https://vuldb.com/?id.231626
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://vuldb.com/?id.231626
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3276
reference_id CVE-2023-3276
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3276
7
reference_url https://github.com/advisories/GHSA-p2qf-9vp6-3jjq
reference_id GHSA-p2qf-9vp6-3jjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2qf-9vp6-3jjq
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.20
purl pkg:maven/cn.hutool/hutool-core@5.8.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kpd-gcmc-mycc
1
vulnerability VCID-nhsq-y1t2-dbge
2
vulnerability VCID-x1kv-cg2v-yyd7
3
vulnerability VCID-xwj3-1bfz-sbb6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.20
aliases CVE-2023-3276, GHSA-p2qf-9vp6-3jjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-296h-5dbq-dbf9
1
url VCID-6kpd-gcmc-mycc
vulnerability_id VCID-6kpd-gcmc-mycc
summary 
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42277
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43587
published_at 2026-04-08T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43558
published_at 2026-04-21T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43599
published_at 2026-04-04T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43536
published_at 2026-04-07T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43602
published_at 2026-04-09T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43624
published_at 2026-04-18T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43634
published_at 2026-04-16T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.43574
published_at 2026-04-13T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.4359
published_at 2026-04-12T12:55:00Z
9
value 0.00211
scoring_system epss
scoring_elements 0.43572
published_at 2026-04-02T12:55:00Z
10
value 0.00211
scoring_system epss
scoring_elements 0.43621
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42277
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
3
reference_url https://github.com/dromara/hutool/issues/3285
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/
url https://github.com/dromara/hutool/issues/3285
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42277
reference_id CVE-2023-42277
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42277
5
reference_url https://github.com/advisories/GHSA-7p8c-crfr-q93p
reference_id GHSA-7p8c-crfr-q93p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p8c-crfr-q93p
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppw8-nmyx-1bd4
1
vulnerability VCID-x1kv-cg2v-yyd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42277, GHSA-7p8c-crfr-q93p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kpd-gcmc-mycc
2
url VCID-nhsq-y1t2-dbge
vulnerability_id VCID-nhsq-y1t2-dbge
summary 
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42276
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43574
published_at 2026-04-13T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43558
published_at 2026-04-21T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43599
published_at 2026-04-04T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43536
published_at 2026-04-07T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43587
published_at 2026-04-08T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43602
published_at 2026-04-09T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43621
published_at 2026-04-11T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.4359
published_at 2026-04-12T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.43634
published_at 2026-04-16T12:55:00Z
9
value 0.00211
scoring_system epss
scoring_elements 0.43572
published_at 2026-04-02T12:55:00Z
10
value 0.00211
scoring_system epss
scoring_elements 0.43624
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42276
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
3
reference_url https://github.com/dromara/hutool/issues/3286
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/
url https://github.com/dromara/hutool/issues/3286
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42276
reference_id CVE-2023-42276
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42276
5
reference_url https://github.com/advisories/GHSA-rxgf-r843-g53h
reference_id GHSA-rxgf-r843-g53h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxgf-r843-g53h
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppw8-nmyx-1bd4
1
vulnerability VCID-x1kv-cg2v-yyd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42276, GHSA-rxgf-r843-g53h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsq-y1t2-dbge
3
url VCID-uwy2-xgzv-dkcs
vulnerability_id VCID-uwy2-xgzv-dkcs
summary 
Incorrect Permission Assignment for Critical Resource
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33695
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08061
published_at 2026-04-07T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08068
published_at 2026-04-02T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08122
published_at 2026-04-08T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.0811
published_at 2026-04-04T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08665
published_at 2026-04-13T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.0868
published_at 2026-04-12T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08704
published_at 2026-04-11T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.0854
published_at 2026-04-18T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08553
published_at 2026-04-16T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08695
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33695
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c
3
reference_url https://github.com/dromara/hutool/issues/3103
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T02:21:52Z/
url https://github.com/dromara/hutool/issues/3103
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33695
reference_id CVE-2023-33695
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33695
5
reference_url https://github.com/advisories/GHSA-7mcw-xmx3-7p8m
reference_id GHSA-7mcw-xmx3-7p8m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mcw-xmx3-7p8m
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.19
purl pkg:maven/cn.hutool/hutool-core@5.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-296h-5dbq-dbf9
1
vulnerability VCID-6kpd-gcmc-mycc
2
vulnerability VCID-nhsq-y1t2-dbge
3
vulnerability VCID-x1kv-cg2v-yyd7
4
vulnerability VCID-xwj3-1bfz-sbb6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.19
aliases CVE-2023-33695, GHSA-7mcw-xmx3-7p8m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwy2-xgzv-dkcs
4
url VCID-x1kv-cg2v-yyd7
vulnerability_id VCID-x1kv-cg2v-yyd7
summary 
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51075
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37652
published_at 2026-04-04T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37509
published_at 2026-04-21T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37573
published_at 2026-04-18T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37592
published_at 2026-04-16T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37548
published_at 2026-04-13T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37575
published_at 2026-04-12T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37608
published_at 2026-04-11T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37595
published_at 2026-04-09T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.3753
published_at 2026-04-07T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37628
published_at 2026-04-02T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37582
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51075
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc
3
reference_url https://github.com/dromara/hutool/issues/3421
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-02T18:36:14Z/
url https://github.com/dromara/hutool/issues/3421
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51075
reference_id CVE-2023-51075
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51075
5
reference_url https://github.com/advisories/GHSA-7m7h-rgvp-3v4r
reference_id GHSA-7m7h-rgvp-3v4r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m7h-rgvp-3v4r
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.24
purl pkg:maven/cn.hutool/hutool-core@5.8.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppw8-nmyx-1bd4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.24
aliases CVE-2023-51075, GHSA-7m7h-rgvp-3v4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1kv-cg2v-yyd7
5
url VCID-xwj3-1bfz-sbb6
vulnerability_id VCID-xwj3-1bfz-sbb6
summary 
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42278
reference_id
reference_type
scores
0
value 0.00437
scoring_system epss
scoring_elements 0.63097
published_at 2026-04-21T12:55:00Z
1
value 0.00532
scoring_system epss
scoring_elements 0.67311
published_at 2026-04-16T12:55:00Z
2
value 0.00532
scoring_system epss
scoring_elements 0.67324
published_at 2026-04-18T12:55:00Z
3
value 0.00532
scoring_system epss
scoring_elements 0.67263
published_at 2026-04-04T12:55:00Z
4
value 0.00532
scoring_system epss
scoring_elements 0.67292
published_at 2026-04-08T12:55:00Z
5
value 0.00532
scoring_system epss
scoring_elements 0.67305
published_at 2026-04-09T12:55:00Z
6
value 0.00532
scoring_system epss
scoring_elements 0.67325
published_at 2026-04-11T12:55:00Z
7
value 0.00532
scoring_system epss
scoring_elements 0.67312
published_at 2026-04-12T12:55:00Z
8
value 0.00532
scoring_system epss
scoring_elements 0.67277
published_at 2026-04-13T12:55:00Z
9
value 0.00532
scoring_system epss
scoring_elements 0.6724
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42278
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
3
reference_url https://github.com/dromara/hutool/issues/3289
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/
url https://github.com/dromara/hutool/issues/3289
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42278
reference_id CVE-2023-42278
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42278
5
reference_url https://github.com/advisories/GHSA-rr66-qh5m-w6mx
reference_id GHSA-rr66-qh5m-w6mx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rr66-qh5m-w6mx
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppw8-nmyx-1bd4
1
vulnerability VCID-x1kv-cg2v-yyd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42278, GHSA-rr66-qh5m-w6mx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwj3-1bfz-sbb6
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.12