CVE-2023-3276

HIGH7.5EPSS 0.16%

HuTool XML parsing module has blind XXE vulnerability

發布日:2023/6/15修改日:2024/3/1

描述

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference.

受影響套件(1)

Maven/cn.hutool:hutool-corefrom 0, <= 5.8.19

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-3276
PATCHhttps://github.com/dromara/hutool
WEBhttps://fbdhhhh47.github.io/2023/06/06/hutool-XXE
WEBhttps://vuldb.com/?ctiid.231626
WEBhttps://vuldb.com/?id.231626