Home > Vulnerability Database > CVE-2023-33695

Mend.io Vulnerability Database

CVE-2023-33695

Good to know:

Date: June 12, 2023

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.

Language: Java

Severity Score

7.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33695

Url: https://github.com/dromara/hutool

Url: https://github.com/dromara/hutool/commit/c33550f703f5d1d7dd71ad2992d79a5e5532ce2c

Url: https://github.com/dromara/hutool/issues/3103

Url: https://www.mend.io/vulnerability-database/CVE-2023-33695

Severity Score

7.1

Weakness Type (CWE)

Insecure Temporary File

CWE-377

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version cn.hutool:hutool-core:5.8.19;cn.hutool:hutool-all:5.8.19

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33695

Good to know:

Date: June 12, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?