Description

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

Remediation

References

https://github.com/dromara/hutool/issues/2855

https://gitee.com/dromara/hutool/issues/I6AEX2

Related Vulnerabilities

CVE-2023-4043 Vulnerability in maven package org.eclipse.parsson:project

CVE-2021-21120 Vulnerability in npm package electron

CVE-2021-26275 Vulnerability in npm package eslint-fixer

CVE-2020-7605 Vulnerability in npm package gulp-tape

CVE-2020-7633 Vulnerability in npm package apiconnect-cli-plugins

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory