Lucene search

[email protected]NVD:CVE-2023-51075

HistoryDec 27, 2023 - 9:15 p.m.

CVE-2023-51075

2023-12-2721:15:08

CWE-835

[email protected]

web.nvd.nist.gov

cve-2023-51075

denial of service

strsplitter

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

Affected configurations

NVD

Node

hutoolhutoolMatch5.8.23

References

github.com/dromara/hutool/issues/3421

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2023-51075

cvelist1 prion1 gitlab1 osv2 veracode1 cve1 github1