Description
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
Remediation
References
https://github.com/dromara/hutool/issues/3421
Related Vulnerabilities
CVE-2015-8862 Vulnerability in maven package org.webjars.npm:mustache
CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega
CVE-2020-28436 Vulnerability in npm package google-cloudstorage-commands
CVE-2020-35460 Vulnerability in maven package net.sf.mpxj:mpxj
CVE-2020-16040 Vulnerability in maven package org.webjars.npm:electron