| عنوان | java component library hutool zip bomb vulnerability |
|---|
| الوصف | zip bomb vulnerability exists in hutool. This vulnerability occurs when zip is decompressed.
the size of the 42KB package is 5.5 GB, that of the 10MB package is 281TB, and that of the 46MB package is 4.5PB.
The HuTool component does not strictly protect against the preceding situations.
As a result, the storage resources of the server are consumed and service denial occurs.As a result, the storage resources of the server are consumed and service denial occurs.
details: https://github.com/dromara/hutool/issues/2797 |
|---|
| المصدر | ⚠️ https://github.com/dromara/hutool/issues/2797 |
|---|
| المستخدم | TGAO (UID 37046) |
|---|
| ارسال | 12/12/2022 08:18 AM (3 سنوات منذ) |
|---|
| الاعتدال | 16/12/2022 06:12 PM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 215974 [Dromara HuTool حتى 5.8.10 cn.hutool.core.util.ZipUtil.java الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|