[GHSA-7p8c-crfr-q93p] hutool Buffer Overflow vulnerability #5813

Conversation

achibear
Updates

  • Affected products

Comments
According to https://mvnrepository.com/artifact/cn.hutool/hutool-core?p=10, its maven version starts at 4.0.6

@github-actions github-actions bot changed the base branch from main to achibear/advisory-improvement-5813 July 16, 2025 01:30
@helixplant
Hi @achibear,
Regarding the version range specifications, I wanted to clarify that when defining product dependencies with less-than range constraints, it's typically not necessary to explicitly include the exact lower bound that is available for download. While the MVN Repository package indicates version 4.0.6 as the lowest available version in the range, including this lower bound can be redundant since it's understood to be the starting point for the package on MVN Repository. Thank you for your interest in improving this advisory!

@helixplant helixplant closed this Jul 16, 2025
@github-actions github-actions bot deleted the achibear-GHSA-7p8c-crfr-q93p branch July 16, 2025 15:22