7.5

CVE-2022-4565

Exploit

EPSS 0.9%
Veröffentlicht 16.12.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 07:35:30
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hutool ≫ Hutool Version <= 5.8.10

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://github.com/dromara/hutool/issues/2797

Third Party Advisory

Exploit

https://vuldb.com/?id.215974

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-4565

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4565

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4565

EUVD