The vulnerability documentation explicitly identifies XmlUtil.readObjectFromXml as the entry point. The Gitee issue shows that this method passes user-controlled XML directly to XMLDecoder.readObject(), which is known to be unsafe on untrusted input. Multiple authoritative sources (the CVE, the GHSA, and the project's own issue tracker) confirm this function's role in the exploit chain. The maintainer's response, adding warnings rather than fixing the method, further confirms that the method itself remains vulnerable.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| cn.hutool:hutool-all | maven | <= 5.8.11 | |