GHSA-7m7h-rgvp-3v4r

Source

https://github.com/advisories/GHSA-7m7h-rgvp-3v4r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7m7h-rgvp-3v4r/GHSA-7m7h-rgvp-3v4r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7m7h-rgvp-3v4r

Aliases

CVE-2023-51075

Published

2023-12-27T21:31:01Z

Modified

2024-02-16T08:12:59.145244Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

Details

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

Database specific

{
    "nvd_published_at": "2023-12-27T21:15:08Z",
    "cwe_ids": [
        "CWE-835"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-28T16:40:14Z"
}

References

Affected packages

Maven / cn.hutool:hutool-core

Package

Name: cn.hutool:hutool-core; View open source insights on deps.dev
Purl: pkg:maven/cn.hutool/hutool-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.24

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.1.10

4.1.11

4.1.12

4.1.13

4.1.14

4.1.15

4.1.16

4.1.17

4.1.18

4.1.19

4.1.20

4.1.21

4.2.1

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.5.10

4.5.11

4.5.12

4.5.13

4.5.14

4.5.15

4.5.16

4.5.17

4.5.18

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.10

4.6.11

4.6.12

4.6.13

4.6.14

4.6.15

4.6.16

4.6.17

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.6.0

5.6.1

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.15

5.7.16

5.7.17

5.7.18

5.7.19

5.7.20

5.7.21

5.7.22

5.8.0.M1

5.8.0.M2

5.8.0.M3

5.8.0.M4

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4.M1

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.17

5.8.18

5.8.19

5.8.20

5.8.21

5.8.22

5.8.23

Database specific

{
    "last_known_affected_version_range": "<= 5.8.23"
}