Workaround for Java bug in parsing specific decimal value [SPR-7950] #12605
Current Java versions suffer from a nasty bug that will pretty much stall the entire VM when trying to parse the value into a BigDecimal or Double. So in case somebody pipes this into a Spring MVC form for example, the CustomNumberEditor will suffer from this vulnerability.
Although Oracle seems to be approaching the issue now that it is publicly discussed, users who are not able to upgrade to a very current version of Java will be affected.
No further details from SPR-7950
Oliver Drotbohm commented
The issue no longer seems to be present in the current JRE 1.6.0_37 and JRE 1.7.0_11. So the suggested workaround is to upgrade to a JRE that has the fix for the original issue. According to the website that described the issue, the first JRE version including the fix is 1.6.0_24. Not sure if JRE 7 was ever affected by that bug.
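As an added example (not code from the Spring issue or the Spring project), a startup check that refuses to run on a 1.6 JRE older than 1.6.0_24, the first update the comment above names as containing the fix, so an application that cannot yet upgrade at least fails loudly instead of exposing form parsing on a known-bad VM. The class name, the "1.6.0_24"-style version-string parsing and the decision to leave JRE 7 and earlier lines unjudged are assumptions made here.

```java
// Added example, not from the Spring issue: refuse to start on a 1.6 JRE that
// predates 1.6.0_24, the first update the thread names as carrying the fix for
// the decimal-parsing hang. JRE 7 is left unjudged because the thread is unsure
// whether it was ever affected; releases before 1.6 are outside what it states.
public final class JreParsingFixCheck {

    /** Parses "1.6.0_37" (or "1.7.0_11-b21") into {major, minor, patch, update}. */
    static int[] parseVersion(String version) {
        String[] parts = version.split("[^0-9]+"); // split on '.', '_', '-' etc.
        int[] out = new int[4];                     // missing fields stay 0
        for (int i = 0; i < out.length && i < parts.length; i++) {
            if (!parts[i].isEmpty()) {
                out[i] = Integer.parseInt(parts[i]);
            }
        }
        return out;
    }

    /** True only for a 1.6 JRE whose update number is below 24. */
    static boolean predatesFix(String version) {
        int[] v = parseVersion(version);
        return v[0] == 1 && v[1] == 6 && v[3] < 24;
    }

    public static void main(String[] args) {
        String running = System.getProperty("java.version");
        if (predatesFix(running)) {
            System.err.println("JRE " + running + " predates 1.6.0_24: parsing untrusted "
                    + "decimal input into Double/BigDecimal can stall this VM. Upgrade first.");
            System.exit(1);
        }
        System.out.println("JRE " + running + " is not a 1.6 build before 1.6.0_24; continuing.");
    }
}
```

Run it as an early step of application startup (or from a deployment smoke test) so the check fires before any Spring MVC form binding through CustomNumberEditor can receive user input.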