CVE-2023-51075

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 27, 2023

Updated: Jan 9, 2024

CWE ID 835

Summary

CVE-2023-51075 is a newly disclosed vulnerability affecting hutool-core version 5.8.23. The issue lies in the StrSplitter.splitByRegex function, which contains an infinite loop. An attacker can exploit this flaw by manipulating the first two parameters to trigger the infinite loop, leading to a Denial of Service (DoS) condition. This vulnerability poses a significant risk for systems that utilize hutool-core in their operations, and it is recommended that users upgrade to the latest version to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1x872
https://www.cve.org/CVERecord?id=CVE-2023-51075
https://nvd.nist.gov/vuln/detail/CVE-2023-51075

Back to Vulnerability Database

CVE-2023-51075

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations