CNNVD-202512-137 Information
CNNVD ID
CNNVD-202512-137
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
NutzBoot是Nutz开源的一个企业级微服务框架。 NutzBoot 2.6.0-SNAPSHOT及之前版本存在代码问题漏洞,该漏洞源于文件HttpServletRpcEndpoint.java中函数getInputStream的错误操作,可能导致反序列化。
Description (English)
NutzBoot is an enterprise-level micro-service framework from Nutz open source. NutzBoot 2.6.0-SNAPSHOT and previous versions have a code problem loophole, which stems from the error of the function GetInputStream in document HttpServletRpletRpcEndpoint.java, which may lead to inverse sequences.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
Nutz
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.md https://vuldb.com/?id.333815 https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.md#vulnerability-details-and-poc https://vuldb.com/?ctiid.333815 https://vuldb.com/?submit.692053
Share on: