Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/cn.hutool/hutool-core@5.8.13
Typemaven
Namespacecn.hutool
Namehutool-core
Version5.8.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.24
Latest_non_vulnerable_version5.8.25
Affected_by_vulnerabilities
0
url VCID-5y6t-z5fm-c7ef
vulnerability_id VCID-5y6t-z5fm-c7ef
summary hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42278
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.73421
published_at 2026-06-11T12:55:00Z
1
value 0.00741
scoring_system epss
scoring_elements 0.73497
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42278
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42278
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42278
4
reference_url https://github.com/dromara/hutool/issues/3289
reference_id 3289
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/
url https://github.com/dromara/hutool/issues/3289
5
reference_url https://github.com/advisories/GHSA-rr66-qh5m-w6mx
reference_id GHSA-rr66-qh5m-w6mx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rr66-qh5m-w6mx
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xtng-947y-j7hz
1
vulnerability VCID-zj5b-7h15-jyg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42278, GHSA-rr66-qh5m-w6mx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5y6t-z5fm-c7ef
1
url VCID-fdv4-rx91-7ybv
vulnerability_id VCID-fdv4-rx91-7ybv
summary Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33695
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.0925
published_at 2026-06-11T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09303
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33695
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33695
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33695
4
reference_url https://github.com/dromara/hutool/issues/3103
reference_id 3103
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T02:21:52Z/
url https://github.com/dromara/hutool/issues/3103
5
reference_url https://github.com/advisories/GHSA-7mcw-xmx3-7p8m
reference_id GHSA-7mcw-xmx3-7p8m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mcw-xmx3-7p8m
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.19
purl pkg:maven/cn.hutool/hutool-core@5.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5y6t-z5fm-c7ef
1
vulnerability VCID-ta6t-8stt-c3ea
2
vulnerability VCID-wb6b-32mq-dfbr
3
vulnerability VCID-z3g7-snxw-1qc1
4
vulnerability VCID-zj5b-7h15-jyg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.19
aliases CVE-2023-33695, GHSA-7mcw-xmx3-7p8m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdv4-rx91-7ybv
2
url VCID-ta6t-8stt-c3ea
vulnerability_id VCID-ta6t-8stt-c3ea
summary hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42276
reference_id
reference_type
scores
0
value 0.00264
scoring_system epss
scoring_elements 0.50058
published_at 2026-06-11T12:55:00Z
1
value 0.00264
scoring_system epss
scoring_elements 0.50193
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42276
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42276
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42276
4
reference_url https://github.com/dromara/hutool/issues/3286
reference_id 3286
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/
url https://github.com/dromara/hutool/issues/3286
5
reference_url https://github.com/advisories/GHSA-rxgf-r843-g53h
reference_id GHSA-rxgf-r843-g53h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxgf-r843-g53h
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xtng-947y-j7hz
1
vulnerability VCID-zj5b-7h15-jyg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42276, GHSA-rxgf-r843-g53h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta6t-8stt-c3ea
3
url VCID-wb6b-32mq-dfbr
vulnerability_id VCID-wb6b-32mq-dfbr
summary hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42277
reference_id
reference_type
scores
0
value 0.00264
scoring_system epss
scoring_elements 0.50193
published_at 2026-06-12T12:55:00Z
1
value 0.00264
scoring_system epss
scoring_elements 0.50058
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42277
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42277
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42277
4
reference_url https://github.com/dromara/hutool/issues/3285
reference_id 3285
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/
url https://github.com/dromara/hutool/issues/3285
5
reference_url https://github.com/advisories/GHSA-7p8c-crfr-q93p
reference_id GHSA-7p8c-crfr-q93p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p8c-crfr-q93p
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.22
purl pkg:maven/cn.hutool/hutool-core@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xtng-947y-j7hz
1
vulnerability VCID-zj5b-7h15-jyg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.22
aliases CVE-2023-42277, GHSA-7p8c-crfr-q93p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb6b-32mq-dfbr
4
url VCID-z3g7-snxw-1qc1
vulnerability_id VCID-z3g7-snxw-1qc1
summary A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3276
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36586
published_at 2026-06-12T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36405
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3276
1
reference_url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE
2
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3276
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3276
4
reference_url https://vuldb.com/?ctiid.231626
reference_id ?ctiid.231626
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://vuldb.com/?ctiid.231626
5
reference_url https://github.com/advisories/GHSA-p2qf-9vp6-3jjq
reference_id GHSA-p2qf-9vp6-3jjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2qf-9vp6-3jjq
6
reference_url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/
reference_id hutool-XXE
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/
7
reference_url https://vuldb.com/?id.231626
reference_id ?id.231626
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:05:47Z/
url https://vuldb.com/?id.231626
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.20
purl pkg:maven/cn.hutool/hutool-core@5.8.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5y6t-z5fm-c7ef
1
vulnerability VCID-ta6t-8stt-c3ea
2
vulnerability VCID-wb6b-32mq-dfbr
3
vulnerability VCID-zj5b-7h15-jyg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.20
aliases CVE-2023-3276, GHSA-p2qf-9vp6-3jjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3g7-snxw-1qc1
5
url VCID-zj5b-7h15-jyg6
vulnerability_id VCID-zj5b-7h15-jyg6
summary hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51075
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31661
published_at 2026-06-12T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.3147
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51075
1
reference_url https://github.com/dromara/hutool
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool
2
reference_url https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51075
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51075
4
reference_url https://github.com/dromara/hutool/issues/3421
reference_id 3421
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-02T18:36:14Z/
url https://github.com/dromara/hutool/issues/3421
5
reference_url https://github.com/advisories/GHSA-7m7h-rgvp-3v4r
reference_id GHSA-7m7h-rgvp-3v4r
reference_type
scores
url https://github.com/advisories/GHSA-7m7h-rgvp-3v4r
fixed_packages
0
url pkg:maven/cn.hutool/hutool-core@5.8.24
purl pkg:maven/cn.hutool/hutool-core@5.8.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.24
aliases CVE-2023-51075, GHSA-7m7h-rgvp-3v4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5b-7h15-jyg6
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-core@5.8.13