PT-2023-31755 · Unknown · Hutool-Core
Looly
·
Publicado
2023-12-27
·
Atualizado
2025-09-05
·
CVE-2023-51075
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
hutool-core version 5.8.23
Description
The issue is related to an infinite loop in the
StrSplitter.splitByRegex function, which can be exploited by attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters, parameter1 and parameter2.Recommendations
For hutool-core version 5.8.23, consider disabling the
StrSplitter.splitByRegex function until a patch is available to prevent potential Denial of Service (DoS) attacks.Exploit
Correção
DoS
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hutool-Core