Description
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
Remediation
References
https://apidoc.gitee.com/dromara/hutool/cn/hutool/http/ssl/DefaultSSLInfo.html
https://github.com/dromara/hutool/issues/2042
Related Vulnerabilities
CVE-2020-8131 Vulnerability in npm package yarn
CVE-2018-18893 Vulnerability in maven package com.hubspot.jinjava:jinjava
CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2022-24377 Vulnerability in npm package cycle-import-check
CVE-2021-46708 Vulnerability in maven package org.webjars:swagger-ui