Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/346331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/346331?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.0.3", "type": "maven", "namespace": "cn.hutool", "name": "hutool-json", "version": "5.0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.8.22", "latest_non_vulnerable_version": "5.8.25", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52862?format=api", "vulnerability_id": "VCID-32wz-1tnx-5qep", "summary": "json stack overflow vulnerability\nA stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75807", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75763", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75824", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75843", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75774", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75819", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75891", "published_at": "2026-04-26T12:55:00Z" }, { 
"value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75844", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75858", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75855", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75818", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78518", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45688" }, { "reference_url": "https://github.com/dromara/hutool/commit/6a2b585de0a380e8c12016dbaa1620b69be11b8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/6a2b585de0a380e8c12016dbaa1620b69be11b8c" }, { "reference_url": "https://github.com/dromara/hutool/issues/2748", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T03:09:42Z/" } ], "url": "https://github.com/dromara/hutool/issues/2748" }, { "reference_url": "https://github.com/dromara/hutool/releases/tag/5.8.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/dromara/hutool/releases/tag/5.8.25" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/a6e412bded7a0ad605adfeca029318f184c32102", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/commit/a6e412bded7a0ad605adfeca029318f184c32102" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T03:09:42Z/" } ], "url": "https://github.com/stleary/JSON-java/issues/708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45688", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45688" }, { "reference_url": "https://github.com/advisories/GHSA-3vqj-43w4-2q58", "reference_id": "GHSA-3vqj-43w4-2q58", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vqj-43w4-2q58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80437?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { 
"vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/80508?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.25" } ], "aliases": [ "CVE-2022-45688", "GHSA-3vqj-43w4-2q58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32wz-1tnx-5qep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52780?format=api", "vulnerability_id": "VCID-41pg-3cdb-jqee", "summary": "hutool-json vulnerable to memory exhaustion\nhutool-json v5.8.10 was discovered to contain an out of memory error. This issue is similar to CVE-2022-45690.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50007", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50088", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50061", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50049", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50053", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", 
"scoring_elements": "0.5003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50059", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50063", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50046", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45689" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2747", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:01:56Z/" } ], "url": "https://github.com/dromara/hutool/issues/2747" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45689", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45689" }, { "reference_url": "https://github.com/advisories/GHSA-fxrc-hg6j-6v3x", "reference_id": "GHSA-fxrc-hg6j-6v3x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxrc-hg6j-6v3x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80437?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { "vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" } ], "aliases": [ "CVE-2022-45689", "GHSA-fxrc-hg6j-6v3x" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41pg-3cdb-jqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52743?format=api", "vulnerability_id": "VCID-5xm4-tyx3-wudu", "summary": "hutool-json stack overflow vulnerability\nA stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51742", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51786", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", 
"scoring_system": "epss", "scoring_elements": "0.51834", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51799", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51841", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51848", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51829", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51779", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51785", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51745", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51771", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51732", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45690" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:59:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/2746" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/654", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:59:20Z/" } ], "url": "https://github.com/stleary/JSON-java/issues/654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45690", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45690" }, { "reference_url": "https://github.com/advisories/GHSA-whgh-g24c-3j5q", "reference_id": "GHSA-whgh-g24c-3j5q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whgh-g24c-3j5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80437?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { "vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" } ], "aliases": [ "CVE-2022-45690", "GHSA-whgh-g24c-3j5q" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xm4-tyx3-wudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18974?format=api", "vulnerability_id": "VCID-6kpd-gcmc-mycc", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", 
"scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/" } ], "url": "https://github.com/dromara/hutool/issues/3285" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277", "reference_id": "CVE-2023-42277", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277" }, { "reference_url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p", "reference_id": "GHSA-7p8c-crfr-q93p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42277", "GHSA-7p8c-crfr-q93p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kpd-gcmc-mycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18973?format=api", "vulnerability_id": "VCID-nhsq-y1t2-dbge", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", 
"scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/3286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276", "reference_id": "CVE-2023-42276", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276" }, { "reference_url": "https://github.com/advisories/GHSA-rxgf-r843-g53h", "reference_id": "GHSA-rxgf-r843-g53h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxgf-r843-g53h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42276", "GHSA-rxgf-r843-g53h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsq-y1t2-dbge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18976?format=api", "vulnerability_id": "VCID-xwj3-1bfz-sbb6", "summary": "hutool Buffer Overflow 
vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63097", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63131", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63132", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.6724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67324", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12" }, { "reference_url": "https://github.com/dromara/hutool/issues/3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3289" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278", "reference_id": "CVE-2023-42278", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278" }, { "reference_url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx", "reference_id": "GHSA-rr66-qh5m-w6mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42278", "GHSA-rr66-qh5m-w6mx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwj3-1bfz-sbb6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.0.3" }