Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/347227?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/347227?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@4.1.13", "type": "maven", "namespace": "cn.hutool", "name": "hutool-core", "version": "4.1.13", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.8.25", "latest_non_vulnerable_version": "5.8.25", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17970?format=api", "vulnerability_id": "VCID-296h-5dbq-dbf9", "summary": "Improper Restriction of XML External Entity Reference\nA vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but does not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35377", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.3535", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35305", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.3526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36214", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.363", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3633", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36554", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36614", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36097", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36644", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36632", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3661", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3276" }, { "reference_url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE" }, { "reference_url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://vuldb.com/?ctiid.231626", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://vuldb.com/?ctiid.231626" }, { "reference_url": "https://vuldb.com/?id.231626", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://vuldb.com/?id.231626" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3276", "reference_id": "CVE-2023-3276", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3276" }, { "reference_url": "https://github.com/advisories/GHSA-p2qf-9vp6-3jjq", "reference_id": "GHSA-p2qf-9vp6-3jjq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2qf-9vp6-3jjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/602852?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" }, { "vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.20" } ], "aliases": [ "CVE-2023-3276", "GHSA-p2qf-9vp6-3jjq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-296h-5dbq-dbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18974?format=api", "vulnerability_id": "VCID-6kpd-gcmc-mycc", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/" } ], "url": "https://github.com/dromara/hutool/issues/3285" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277", "reference_id": "CVE-2023-42277", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277" }, { "reference_url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p", "reference_id": "GHSA-7p8c-crfr-q93p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59810?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ppw8-nmyx-1bd4" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42277", "GHSA-7p8c-crfr-q93p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kpd-gcmc-mycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18973?format=api", "vulnerability_id": "VCID-nhsq-y1t2-dbge", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/3286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276", "reference_id": "CVE-2023-42276", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276" }, { "reference_url": "https://github.com/advisories/GHSA-rxgf-r843-g53h", "reference_id": "GHSA-rxgf-r843-g53h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxgf-r843-g53h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59810?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ppw8-nmyx-1bd4" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42276", "GHSA-rxgf-r843-g53h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsq-y1t2-dbge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17864?format=api", "vulnerability_id": "VCID-uwy2-xgzv-dkcs", "summary": "Incorrect Permission Assignment for Critical Resource\nHutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08122", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08061", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0811", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.086", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08704", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0868", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08553", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08708", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08662", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08664", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33695" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c" }, { "reference_url": "https://github.com/dromara/hutool/issues/3103", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T02:21:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33695", "reference_id": "CVE-2023-33695", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33695" }, { "reference_url": "https://github.com/advisories/GHSA-7mcw-xmx3-7p8m", "reference_id": "GHSA-7mcw-xmx3-7p8m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mcw-xmx3-7p8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57930?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-296h-5dbq-dbf9" }, { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" }, { "vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.19" } ], "aliases": [ "CVE-2023-33695", "GHSA-7mcw-xmx3-7p8m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwy2-xgzv-dkcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52724?format=api", "vulnerability_id": "VCID-vfc3-cdgp-wqe9", "summary": "HuTool vulnerable to Uncontrolled Resource Consumption\nA vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50564", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50698", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50748", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50728", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50684", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5064", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50665", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50691", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50702", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4565" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/issues/2797" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4565", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4565" }, { "reference_url": "https://vuldb.com/?id.215974", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?id.215974" }, { "reference_url": "https://github.com/advisories/GHSA-47vx-fqr5-j2gw", "reference_id": "GHSA-47vx-fqr5-j2gw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47vx-fqr5-j2gw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80421?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-296h-5dbq-dbf9" }, { "vulnerability": "VCID-6kpd-gcmc-mycc" }, { "vulnerability": "VCID-nhsq-y1t2-dbge" }, { "vulnerability": "VCID-uwy2-xgzv-dkcs" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" }, { "vulnerability": "VCID-xwj3-1bfz-sbb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.11" } ], "aliases": [ "CVE-2022-4565", "GHSA-47vx-fqr5-j2gw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfc3-cdgp-wqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20464?format=api", "vulnerability_id": "VCID-x1kv-cg2v-yyd7", "summary": "hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function\nhutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37057", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37575", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37573", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37288", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37268", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37176", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37628", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37652", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37582", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51075" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc" }, { "reference_url": "https://github.com/dromara/hutool/issues/3421", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-02T18:36:14Z/" } ], "url": "https://github.com/dromara/hutool/issues/3421" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51075", "reference_id": "CVE-2023-51075", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51075" }, { "reference_url": "https://github.com/advisories/GHSA-7m7h-rgvp-3v4r", "reference_id": "GHSA-7m7h-rgvp-3v4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m7h-rgvp-3v4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ppw8-nmyx-1bd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.24" } ], "aliases": [ "CVE-2023-51075", "GHSA-7m7h-rgvp-3v4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1kv-cg2v-yyd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18976?format=api", "vulnerability_id": "VCID-xwj3-1bfz-sbb6", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63097", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63086", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63131", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63132", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.6724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67324", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12" }, { "reference_url": "https://github.com/dromara/hutool/issues/3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3289" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278", "reference_id": "CVE-2023-42278", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278" }, { "reference_url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx", "reference_id": "GHSA-rr66-qh5m-w6mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59810?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ppw8-nmyx-1bd4" }, { "vulnerability": "VCID-x1kv-cg2v-yyd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42278", "GHSA-rr66-qh5m-w6mx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwj3-1bfz-sbb6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@4.1.13" }