logo

Database

Insecure temporary files In cn.hutool:hutool-core

Description

Insecure Temporary File in HuTool Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-336952. NVD-2023-336953. OSV-2023-336954. GCVE-2023-33695

References

1. https://github.com/dromara/hutool/issues/31032. https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.