Pricing Enterprise

CVE-2023-24162

9.8CRITICAL

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

Published: 1/31/2023Updated: 3/27/2025

View on NVD View on MITRE

Description

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

AI AnalysisPowered by AI

Affected Products

hutoolhutool

5.8.11

References

https://gitee.com/dromara/hutool/issues/I6AEX2
ExploitThird Party Advisory
https://github.com/dromara/hutool/issues/2855
ExploitThird Party Advisory
https://gitee.com/dromara/hutool/issues/I6AEX2
ExploitThird Party Advisory
https://github.com/dromara/hutool/issues/2855
ExploitThird Party Advisory