Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Last commented by a User:false
Current Java versions suffer from a nasty bug that will pretty much stall the entire VM when trying to parse the value into a BigDecimal or Double. So in case somebody pipes this into a Spring MVC form for example, the CustomNumberEditor will suffer from this vulnerability.
Although Oracle seems to approach the issue now that it's publicly discussed, but users not able to upgrade to a very current version of Java will be affected.
|Field||Original Value||New Value|
|Workflow||SPR Workflow [ 45440 ]||New SPR Workflow [ 65154 ]|
|Workflow||New SPR Workflow [ 65154 ]||SPR Workflow [ 74586 ]|
|Resolution||Won't Fix [ 2 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|