CVE-2023-24162

Published: Jan 31, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24162" target="_blank" rel="noopener"> CVE-2023-24162
GHSA: <a href="https://github.com/advisories/GHSA-77h8-5j3h-jcjf" target="_blank" rel="noopener"> GHSA-77h8-5j3h-jcjf
Severity: Critical
Exploit:

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
hutool / hutool	5.8.11	5.8.11.x
cn.hutool / hutool-all	-	5.8.11.x