Deserialization vulnerability in Dromara Hutool v5.8.11 allows malicious user to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
hutool hutool 5.8.11