Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/626220?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/626220?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.4.2", "type": "maven", "namespace": "cn.hutool", "name": "hutool-json", "version": "5.4.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.8.22", "latest_non_vulnerable_version": "5.8.25", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109638?format=api", "vulnerability_id": "VCID-4936-gd8t-gbcy", "summary": "json stack overflow vulnerability\nA stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79384", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79379", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79377", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.79961", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.79941", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45688" }, { "reference_url": "https://github.com/dromara/hutool/commit/6a2b585de0a380e8c12016dbaa1620b69be11b8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/6a2b585de0a380e8c12016dbaa1620b69be11b8c" }, { "reference_url": "https://github.com/dromara/hutool/issues/2748", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T03:09:42Z/" } ], "url": "https://github.com/dromara/hutool/issues/2748" }, { "reference_url": "https://github.com/dromara/hutool/releases/tag/5.8.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/releases/tag/5.8.25" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/a6e412bded7a0ad605adfeca029318f184c32102", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/commit/a6e412bded7a0ad605adfeca029318f184c32102" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T03:09:42Z/" } ], "url": 
"https://github.com/stleary/JSON-java/issues/708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45688", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45688" }, { "reference_url": "https://github.com/advisories/GHSA-3vqj-43w4-2q58", "reference_id": "GHSA-3vqj-43w4-2q58", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vqj-43w4-2q58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146678?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kj6s-a7mj-5bcx" }, { "vulnerability": "VCID-kkhf-uh57-quhr" }, { "vulnerability": "VCID-qg9j-bkvg-63cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/146778?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.25" } ], "aliases": [ "CVE-2022-45688", "GHSA-3vqj-43w4-2q58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4936-gd8t-gbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109499?format=api", "vulnerability_id": "VCID-55c4-71t9-zyg4", "summary": "hutool-json stack overflow vulnerability\nA stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of 
Service (DoS) via crafted JSON or XML data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52093", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52084", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52073", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53595", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53619", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45690" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:59:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/2746" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/654", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:59:20Z/" } ], "url": "https://github.com/stleary/JSON-java/issues/654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45690", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45690" }, { "reference_url": "https://github.com/advisories/GHSA-whgh-g24c-3j5q", "reference_id": "GHSA-whgh-g24c-3j5q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whgh-g24c-3j5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146678?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kj6s-a7mj-5bcx" }, { "vulnerability": "VCID-kkhf-uh57-quhr" }, { "vulnerability": "VCID-qg9j-bkvg-63cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" } ], "aliases": [ "CVE-2022-45690", "GHSA-whgh-g24c-3j5q" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-55c4-71t9-zyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109559?format=api", "vulnerability_id": "VCID-k4jb-3y31-3ya1", "summary": "hutool-json vulnerable to 
memory exhaustion\nhutool-json v5.8.10 was discovered to contain an out of memory error. This issue is similar to CVE-2022-45690.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50296", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50285", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50304", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50234", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51657", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51638", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45689" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/issues/2747", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:01:56Z/" } ], "url": "https://github.com/dromara/hutool/issues/2747" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45689", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45689" }, { "reference_url": "https://github.com/advisories/GHSA-fxrc-hg6j-6v3x", "reference_id": "GHSA-fxrc-hg6j-6v3x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxrc-hg6j-6v3x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146678?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kj6s-a7mj-5bcx" }, { "vulnerability": "VCID-kkhf-uh57-quhr" }, { "vulnerability": "VCID-qg9j-bkvg-63cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.11" } ], "aliases": [ "CVE-2022-45689", "GHSA-fxrc-hg6j-6v3x" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4jb-3y31-3ya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45991?format=api", "vulnerability_id": "VCID-kj6s-a7mj-5bcx", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.7336", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73371", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00741", 
"scoring_system": "epss", "scoring_elements": "0.73347", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73369", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73374", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12" }, { "reference_url": "https://github.com/dromara/hutool/issues/3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3289" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278", "reference_id": "CVE-2023-42278", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278" }, { "reference_url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx", "reference_id": "GHSA-rr66-qh5m-w6mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66830?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42278", "GHSA-rr66-qh5m-w6mx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj6s-a7mj-5bcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45989?format=api", "vulnerability_id": "VCID-kkhf-uh57-quhr", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49997", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49989", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49969", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50004", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50013", "published_at": "2026-06-06T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/3286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276", "reference_id": "CVE-2023-42276", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276" }, { "reference_url": "https://github.com/advisories/GHSA-rxgf-r843-g53h", "reference_id": "GHSA-rxgf-r843-g53h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxgf-r843-g53h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66830?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42276", "GHSA-rxgf-r843-g53h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkhf-uh57-quhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45990?format=api", "vulnerability_id": "VCID-qg9j-bkvg-63cg", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50013", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49989", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49969", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49997", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50004", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/" } ], "url": "https://github.com/dromara/hutool/issues/3285" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277", "reference_id": "CVE-2023-42277", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277" }, { "reference_url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p", "reference_id": "GHSA-7p8c-crfr-q93p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66830?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42277", "GHSA-7p8c-crfr-q93p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg9j-bkvg-63cg" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.4.2" }