[MAVEN:GHSA-RR66-QH5M-W6MX] hutool Buffer Overflow vulnerability

Severity High

Affected Packages 2

CVEs 1

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

Package	Affected Version
pkg:maven/cn.hutool/hutool-json	<= 5.8.21
pkg:maven/cn.hutool/hutool-core	<= 5.8.21

ID: MAVEN:GHSA-RR66-QH5M-W6MX
Severity: high
URL: https://github.com/advisories/GHSA-rr66-qh5m-w6mx
Published: 2023-09-09T00:30:48
(12 months ago)
Modified: 2023-11-04T05:01:22
(10 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2023-42278
			https://github.com/dromara/hutool/issues/3289
			https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
			https://github.com/advisories/GHSA-rr66-qh5m-w6mx

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/cn.hutool/hutool-json	cn.hutool	hutool-json	<= 5.8.21
Affected	pkg:maven/cn.hutool/hutool-core	cn.hutool	hutool-core	<= 5.8.21

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date