Description
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
Remediation
References
https://apidoc.gitee.com/dromara/hutool/cn/hutool/http/ssl/DefaultSSLInfo.html
https://github.com/dromara/hutool/issues/2042
Related Vulnerabilities
CVE-2023-30547 Vulnerability in npm package vm2
CVE-2023-34247 Vulnerability in npm package @keystone-6/auth
CVE-2022-3510 Vulnerability in maven package com.google.protobuf:protobuf-java
CVE-2016-0762 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2016-4436 Vulnerability in maven package org.apache.struts:struts2-core