Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vfc3-cdgp-wqe9
Vulnerability ID VCID-vfc3-cdgp-wqe9
Aliases CVE-2022-4565
GHSA-47vx-fqr5-j2gw
Summary HuTool vulnerable to Uncontrolled Resource Consumption A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-400 Uncontrolled Resource Consumption
CWE-404 Improper Resource Shutdown or Release
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2022-4565
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-47vx-fqr5-j2gw
cvssv3.1 7.5 https://github.com/dromara/hutool
generic_textual HIGH https://github.com/dromara/hutool
cvssv3.1 7.5 https://github.com/dromara/hutool/issues/2797
generic_textual HIGH https://github.com/dromara/hutool/issues/2797
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-4565
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-4565
cvssv3.1 7.5 https://vuldb.com/?id.215974
generic_textual HIGH https://vuldb.com/?id.215974
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-4565
https://github.com/dromara/hutool
https://github.com/dromara/hutool/issues/2797
https://nvd.nist.gov/vuln/detail/CVE-2022-4565
https://vuldb.com/?id.215974
GHSA-47vx-fqr5-j2gw https://github.com/advisories/GHSA-47vx-fqr5-j2gw
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dromara/hutool
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dromara/hutool/issues/2797
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4565
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://vuldb.com/?id.215974
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50665
EPSS Score 0.00273
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:05:56.502806+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-47vx-fqr5-j2gw/GHSA-47vx-fqr5-j2gw.json 38.0.0