Описание
Hutool allows remote code execution (RCE) via the QLExpressEngine class
An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
Пакеты
Наименование
cn.hutool:hutool-extra
maven
Затронутые версииВерсия исправления
< 5.8.40
5.8.40
Связанные уязвимости
CVSS3: 6.5
nvd
4 месяца назад
An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.