Articles about: java

Don’t recurse on untrusted input

We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.

Alexis Challande

February 21, 2025

recursion vulnerability-disclosure java

Search

Recent Posts

Lack of isolation in agentic browsers resurfaces old vulnerabilities
Detect Go’s silent arithmetic bugs with go-panikint
Can chatbots craft correct code?
Use GWP-ASan to detect exploits in production environments
Catching malicious package releases using a transparency log

JOIN OUR NEWSLETTER

Categories

aixcc11 apple13 application-security20 attacks17 audits14 authentication6 benchmarking1 binary-analysis1 binary-ninja15 blockchain97 c/c++3 capture-the-flag12 careers3 codeql8 cold-storage1 compilers35 conferences35 confidential-computing3 containers3 cryptography84 crytic4 cyber-grand-challenge8 darpa31 design-review1 dynamic-analysis14 ebpf6 echidna1 ecosystem-security12 education18 empire-hacking8 engineering-practice25 ethereum1 events8 exploits38 fuzzing51 go12 guides15 internship-projects46 invariant-development3 iverify5 java1 kernel1 kubernetes3 linux9 llvm6 machine-learning49 malware7 manticore17 mcp6 mcsema11 memory-safety3 meta12 mitigations12 mlir2 multi-agent systems1 mutation-testing1 open-source32 operational security1 osquery23 paper-review11 people17 podcast1 policy13 post-quantum1 press-release29 privacy9 products8 program-analysis23 prompt-injection5 recursion1 remote-code-execution1 research-practice44 reversing18 ruby1 rust8 safedocs1 semgrep9 sinter1 slither5 snapshot fuzzing1 sponsorships13 stablecoins1 static-analysis40 supply-chain15 symbolic-execution18 testing handbook6 threat-modeling6 threshold-signatures1 tool-release15 training3 trusted-execution-environment3 vast2 vulnerabilities12 vulnerability-disclosure27 windows3 working-at-trail-of-bits5 year-in-review6 zero-knowledge13

Archives

202569 202479 202357 202243 202120 202037 201960 201841 201722 201627 201511 201418 20135 20122

1

Join our newsletter

Security for Teams

Building the Future

© Trail of Bits 2025. All rights reserved.Privacy Policy Terms of Service

© Trail of Bits 2025. All rights reserved.

2012:2025 0 PX