Looly

**Name of the Vulnerable Software and Affected Versions** hutool-core version 5.8.23 **Description** The issue is related to an infinite loop in the `StrSplitter.splitByRegex` function, which can be exploited by attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters, `parameter1` and `parameter2`. **Recommendations** For hutool-core version 5.8.23, consider disabling the `StrSplitter.splitByRegex` function until a patch is available to prevent potential Denial of Service (DoS) attacks.

**Name of the Vulnerable Software and Affected Versions** hutool-core version 5.8.23 **Description** The NumberUtil.toBigDecimal method in hutool-core was discovered to contain a stack overflow. **Recommendations** For hutool-core version 5.8.23, consider disabling the `toBigDecimal()` method in the `NumberUtil` class as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hutool version 5.7.18 **Description** The issue concerns the ignoring of all TLS/SSL certificate validation in Hutool's HttpRequest. **Recommendations** For Hutool version 5.7.18, update to a version that properly validates TLS/SSL certificates to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.