| Titel | java component library hutool zip bomb vulnerability |
|---|
| Beschreibung | zip bomb vulnerability exists in hutool. This vulnerability occurs when zip is decompressed.
the size of the 42KB package is 5.5 GB, that of the 10MB package is 281TB, and that of the 46MB package is 4.5PB.
The HuTool component does not strictly protect against the preceding situations.
As a result, the storage resources of the server are consumed and service denial occurs.As a result, the storage resources of the server are consumed and service denial occurs.
details: https://github.com/dromara/hutool/issues/2797 |
|---|
| Quelle | ⚠️ https://github.com/dromara/hutool/issues/2797 |
|---|
| Benutzer | TGAO (UID 37046) |
|---|
| Einreichung | 12.12.2022 08:18 (vor 3 Jahren) |
|---|
| Moderieren | 16.12.2022 18:12 (4 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 215974 [Dromara HuTool bis 5.8.10 cn.hutool.core.util.ZipUtil.java Denial of Service] |
|---|
| Punkte | 20 |
|---|