CVE-2023-24163: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

January 31, 2023 (updated February 8, 2023)

SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.

References

gitee.com/dromara/hutool/issues/I6AJWJ
github.com/advisories/GHSA-6c25-cxcc-pmc4
nvd.nist.gov/vuln/detail/CVE-2023-24163

Detect and mitigate CVE-2023-24163 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →