CVE-2023-42278: hutool Buffer Overflow vulnerability

September 9, 2023 (updated January 3, 2025)

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

References

github.com/advisories/GHSA-rr66-qh5m-w6mx
github.com/dromara/hutool
github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12
github.com/dromara/hutool/issues/3289
nvd.nist.gov/vuln/detail/CVE-2023-42278

Code Behaviors & Features

Detect and mitigate CVE-2023-42278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →