[GHSA-rr66-qh5m-w6mx] hutool Buffer Overflow vulnerability #5136

mattberry3 · 2025-01-02T20:14:41Z

Updates

Affected products

Comments
Added a fix version of 5.8.22 for affected packages. Checked referenced commit here dromara/hutool@5c4486b which went into 5.8.22 per their changelog https://github.com/dromara/hutool/blob/5.8.22/CHANGELOG.md.

Additionally, CVE-2023-42278 no longer shows as a vulnerability for either in 5.8.22
Core:
https://mvnrepository.com/artifact/cn.hutool/hutool-core/5.8.21
https://mvnrepository.com/artifact/cn.hutool/hutool-core/5.8.22
JSON:
https://mvnrepository.com/artifact/cn.hutool/hutool-json/5.8.21
https://mvnrepository.com/artifact/cn.hutool/hutool-json/5.8.22

advisory-database · 2025-01-03T19:10:58Z

Hi @mattberry3! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-rr66-qh5m-w6mx

c2d2267

github-actions bot changed the base branch from main to mattberry3/advisory-improvement-5136 January 2, 2025 20:15

advisory-database bot merged commit c529043 into mattberry3/advisory-improvement-5136 Jan 3, 2025
2 checks passed

advisory-database bot deleted the mattberry3-GHSA-rr66-qh5m-w6mx branch January 3, 2025 19:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-rr66-qh5m-w6mx] hutool Buffer Overflow vulnerability #5136

[GHSA-rr66-qh5m-w6mx] hutool Buffer Overflow vulnerability #5136

mattberry3 commented Jan 2, 2025

advisory-database bot commented Jan 3, 2025

[GHSA-rr66-qh5m-w6mx] hutool Buffer Overflow vulnerability #5136

[GHSA-rr66-qh5m-w6mx] hutool Buffer Overflow vulnerability #5136

Conversation

mattberry3 commented Jan 2, 2025

advisory-database bot commented Jan 3, 2025