Description
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
Remediation
References
https://apidoc.gitee.com/dromara/hutool/cn/hutool/http/ssl/DefaultSSLInfo.html
https://github.com/dromara/hutool/issues/2042
Related Vulnerabilities
CVE-2019-10419 Vulnerability in maven package org.jenkins-ci.plugins:application-director-plugin
CVE-2020-2264 Vulnerability in maven package org.jenkins-ci.plugins:custom-job-icon
CVE-2021-22963 Vulnerability in npm package fastify-static
CVE-2022-27820 Vulnerability in maven package org.zaproxy:zap
CVE-2020-6428 Vulnerability in maven package org.webjars.npm:electron