exploitDog

CVE-2023-24163

Опубликовано: 31 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.

Ссылки

https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868
Exploit
Third Party Advisory
https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link
Issue Tracking
https://github.com/dromara/hutool/issues/3149
Issue Tracking
https://github.com/dromara/hutool/releases/tag/5.8.21
Release Notes
https://github.com/google/osv.dev/issues/2195
Issue Tracking
https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868
Exploit
Third Party Advisory
https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link
Issue Tracking
https://github.com/dromara/hutool/issues/3149
Issue Tracking
https://github.com/dromara/hutool/releases/tag/5.8.21
Release Notes
https://github.com/google/osv.dev/issues/2195
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hutool:hutool:*:*:*:*:*:*:*:*

Версия до 5.8.21 (исключая)

EPSS

Процентиль: 40%

0.00181

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-6c25-cxcc-pmc4

CVSS3: 9.8

github

около 3 лет назад

Dromara hutool vulnerable to SQL Injection

EPSS

Процентиль: 40%

0.00181

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89