Improper Resource Shutdown or Release

CVE-2022-4565

High

7.5/10

Summary

A vulnerability classified as problematic was found in Dromara HuTool prior to 5.8.11. This vulnerability affects unknown code of the file "cn.hutool.core.util.ZipUtil.java". The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory
Issue
Release Note

Advisory Timeline

Published Dec 16, 2022

Improper Resource Shutdown or Release

CVE-2022-4565

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS