CVE-2022-22885

Description

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.

How to fix CVE-2022-22885

To remediate CVE-2022-22885, upgrade the affected package to a fixed version below.

• Maven/cn.hutool:hutool-http—upgrade to 5.7.19 or later

Is CVE-2022-22885 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 5.7.19

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-22885
• PATCHgithub.com/dromara/hutool
• WEBapidoc.gitee.com/dromara/hutool/cn/hutool/http/ssl/DefaultSSLInfo.html
• WEBgithub.com/dromara/hutool/issues/2042