Hutool provides XML utility classes that may be vulnerable to remote code execution when using XmlUtil.readObjectFromXml to interpret untrusted XML strings
Detailed
The program will call XMLDecoder.readObject to parse the XML string, causing a deserialization vulnerability
Desc
Hutool provides XML utility classes that may be vulnerable to remote code execution when using XmlUtil.readObjectFromXml to interpret untrusted XML strings
Detailed
The program will call XMLDecoder.readObject to parse the XML string, causing a deserialization vulnerability
cn.hutool.core.util.XmlUtil#readObjectFromXml

Attack
The text was updated successfully, but these errors were encountered: