CVE-2023-3276 – cn.hutool:hutool-core
Package
Manager: maven
Name: cn.hutool:hutool-core
Vulnerable Version: >=0 <=5.8.19
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00099 (percentile: 0.28203)
Details
HuTool XML parsing module has blind XXE vulnerability

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to XML external entity reference.
Metadata
Created: 2023-06-15T15:30:15Z
Modified: 2024-03-01T14:32:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-p2qf-9vp6-3jjq/GHSA-p2qf-9vp6-3jjq.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-p2qf-9vp6-3jjq
Finding: F083
Auto approve: 1