Denial of Service Vulnerability in hutool-core by Dromara
CVE-2023-51075

7.5HIGH

Key Information:

Vendor: Dromara
Status: Hutool
Vendor: CVE Published:; 27 December 2023

What is CVE-2023-51075?

The hutool-core library v5.8.23 is vulnerable to a Denial of Service attack due to an infinite loop in the StrSplitter.splitByRegex function. By manipulating specific parameters, an attacker can exploit this vulnerability, potentially leading to service interruptions. It is crucial for users to apply necessary patches and follow security best practices to mitigate this issue.

References

https://github.com/dromara/hutool/issues/3421

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2023
Vulnerability Reserved
Dec 18, 2023

CVE-2023-51075 Data

JSON