#git

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final.

By Owais Sultan Meetings without paper have become a reality thanks to advanced technologies. Digital tools help companies be more efficient… This is a post from HackRead.com Read the original post: Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making

By Waqas The company under criticism is National Amusements, the parent company of media giants such as Paramount and CBS. This is a post from HackRead.com Read the original post: National Amusements Reveals Data Breach Amid Backlash Affecting 82,000+

### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r)

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

We look at the three most common methods that ransomware groups use to avoid being detected.

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.

By Waqas ParkMobile, a globally-used parking app, is the same platform that suffered a massive data breach in 2021 when hackers leaked the data of 21 million customers. This is a post from HackRead.com Read the original post: RingGo, ParkMobile Owner EasyPark Suffers Data Breach, User Data Stolen

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.