| Title | java component library hutool zip bomb vulnerability |
|---|
| Description | zip bomb vulnerability exists in hutool. This vulnerability occurs when zip is decompressed.
the size of the 42KB package is 5.5 GB, that of the 10MB package is 281TB, and that of the 46MB package is 4.5PB.
The HuTool component does not strictly protect against the preceding situations.
As a result, the storage resources of the server are consumed and service denial occurs.As a result, the storage resources of the server are consumed and service denial occurs.
details: https://github.com/dromara/hutool/issues/2797 |
|---|
| Source | ⚠️ https://github.com/dromara/hutool/issues/2797 |
|---|
| User | TGAO (UID 37046) |
|---|
| Submission | 12/12/2022 08:18 (3 years ago) |
|---|
| Moderation | 12/16/2022 18:12 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 215974 [Dromara HuTool up to 5.8.10 cn.hutool.core.util.ZipUtil.java resource consumption] |
|---|
| Points | 20 |
|---|