Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/603003?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/603003?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.1.0", "type": "maven", "namespace": "cn.hutool", "name": "hutool-core", "version": "5.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.8.25", "latest_non_vulnerable_version": "5.8.25", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135509?format=api", "vulnerability_id": "VCID-5y6t-z5fm-c7ef", "summary": "hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73421", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.7351", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73512", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73497", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool/issues/3289", "reference_id": "3289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3289" }, { "reference_url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx", "reference_id": "GHSA-rr66-qh5m-w6mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379811?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xtng-947y-j7hz" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42278", "GHSA-rr66-qh5m-w6mx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5y6t-z5fm-c7ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354787?format=api", "vulnerability_id": "VCID-c16a-1c6d-mufv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52564", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52692", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52707", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52689", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4565" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/issues/2797" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4565", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4565" }, { "reference_url": "https://vuldb.com/?id.215974", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?id.215974" }, { "reference_url": "https://github.com/advisories/GHSA-47vx-fqr5-j2gw", "reference_id": "GHSA-47vx-fqr5-j2gw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47vx-fqr5-j2gw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384013?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5y6t-z5fm-c7ef" }, { "vulnerability": "VCID-fdv4-rx91-7ybv" }, { "vulnerability": "VCID-ta6t-8stt-c3ea" }, { "vulnerability": "VCID-wb6b-32mq-dfbr" }, { "vulnerability": "VCID-z3g7-snxw-1qc1" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.11" } ], "aliases": [ "CVE-2022-4565", "GHSA-47vx-fqr5-j2gw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c16a-1c6d-mufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144246?format=api", "vulnerability_id": "VCID-fdv4-rx91-7ybv", "summary": "Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09303", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0925", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09986", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33695" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33695" }, { "reference_url": "https://github.com/dromara/hutool/issues/3103", "reference_id": "3103", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T02:21:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3103" }, { "reference_url": "https://github.com/advisories/GHSA-7mcw-xmx3-7p8m", "reference_id": "GHSA-7mcw-xmx3-7p8m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mcw-xmx3-7p8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381897?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5y6t-z5fm-c7ef" }, { "vulnerability": "VCID-ta6t-8stt-c3ea" }, { "vulnerability": "VCID-wb6b-32mq-dfbr" }, { "vulnerability": "VCID-z3g7-snxw-1qc1" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.19" } ], "aliases": [ "CVE-2023-33695", "GHSA-7mcw-xmx3-7p8m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdv4-rx91-7ybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135532?format=api", "vulnerability_id": "VCID-ta6t-8stt-c3ea", "summary": "hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50058", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50196", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50212", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50193", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool/issues/3286", "reference_id": "3286", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/3286" }, { "reference_url": "https://github.com/advisories/GHSA-rxgf-r843-g53h", "reference_id": "GHSA-rxgf-r843-g53h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxgf-r843-g53h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379811?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xtng-947y-j7hz" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42276", "GHSA-rxgf-r843-g53h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ta6t-8stt-c3ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135201?format=api", "vulnerability_id": "VCID-wb6b-32mq-dfbr", "summary": "hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50196", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50058", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50212", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool/issues/3285", "reference_id": "3285", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/" } ], "url": "https://github.com/dromara/hutool/issues/3285" }, { "reference_url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p", "reference_id": "GHSA-7p8c-crfr-q93p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379811?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xtng-947y-j7hz" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22" } ], "aliases": [ "CVE-2023-42277", "GHSA-7p8c-crfr-q93p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wb6b-32mq-dfbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151506?format=api", "vulnerability_id": "VCID-z3g7-snxw-1qc1", "summary": "A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36405", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36599", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3661", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36586", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3276" }, { "reference_url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3276", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3276" }, { "reference_url": "https://vuldb.com/?ctiid.231626", "reference_id": "?ctiid.231626", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://vuldb.com/?ctiid.231626" }, { "reference_url": "https://github.com/advisories/GHSA-p2qf-9vp6-3jjq", "reference_id": "GHSA-p2qf-9vp6-3jjq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2qf-9vp6-3jjq" }, { "reference_url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/", "reference_id": "hutool-XXE", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/" }, { "reference_url": "https://vuldb.com/?id.231626", "reference_id": "?id.231626", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/" } ], "url": "https://vuldb.com/?id.231626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/633197?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5y6t-z5fm-c7ef" }, { "vulnerability": "VCID-ta6t-8stt-c3ea" }, { "vulnerability": "VCID-wb6b-32mq-dfbr" }, { "vulnerability": "VCID-zj5b-7h15-jyg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.20" } ], "aliases": [ "CVE-2023-3276", "GHSA-p2qf-9vp6-3jjq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3g7-snxw-1qc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131005?format=api", "vulnerability_id": "VCID-zj5b-7h15-jyg6", "summary": "hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31662", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3147", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31661", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31679", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51075" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51075", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51075" }, { "reference_url": "https://github.com/dromara/hutool/issues/3421", "reference_id": "3421", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-02T18:36:14Z/" } ], "url": "https://github.com/dromara/hutool/issues/3421" }, { "reference_url": "https://github.com/advisories/GHSA-7m7h-rgvp-3v4r", "reference_id": "GHSA-7m7h-rgvp-3v4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m7h-rgvp-3v4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380261?format=api", "purl": "pkg:maven/cn.hutool/hutool-core@5.8.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xtng-947y-j7hz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.24" } ], "aliases": [ "CVE-2023-51075", "GHSA-7m7h-rgvp-3v4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5b-7h15-jyg6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.1.0" }