CVE-2023-51075: hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

December 27, 2023 (updated December 28, 2023)

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

References

github.com/advisories/GHSA-7m7h-rgvp-3v4r
github.com/dromara/hutool/commit/32f2d0bd55defecb869fbf64d940bcc05642accc
github.com/dromara/hutool/issues/3421
nvd.nist.gov/vuln/detail/CVE-2023-51075

Detect and mitigate CVE-2023-51075 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →