Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities found for htmlunit by HtmlUnit
CVE-2023-49093 (GCVE-0-2023-49093)
Vulnerability from cvelistv5 – Published: 2023-12-04 04:47 – Updated: 2024-10-10 20:14
VLAI
Title
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit/security/adv… | x_refsource_CONFIRM |
| https://www.htmlunit.org/changes-report.html#a3.9.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"
},
{
"name": "https://www.htmlunit.org/changes-report.html#a3.9.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htmlunit.org/changes-report.html#a3.9.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:13:51.286875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:14:07.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "htmlunit",
"vendor": "HtmlUnit",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T04:47:27.145Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"
},
{
"name": "https://www.htmlunit.org/changes-report.html#a3.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htmlunit.org/changes-report.html#a3.9.0"
}
],
"source": {
"advisory": "GHSA-37vq-hr2f-g7h7",
"discovery": "UNKNOWN"
},
"title": "HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49093",
"datePublished": "2023-12-04T04:47:27.145Z",
"dateReserved": "2023-11-21T18:57:30.429Z",
"dateUpdated": "2024-10-10T20:14:07.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2798 (GCVE-0-2023-2798)
Vulnerability from cvelistv5 – Published: 2023-05-25 13:54 – Updated: 2024-08-02 06:33
VLAI
Title
Denial of service in HtmlUnit
Summary
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Date Public
2023-01-19 15:41
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/HtmlUnit/",
"defaultStatus": "unaffected",
"packageName": "htmlunit",
"repo": "https://github.com/HtmlUnit/htmlunit",
"versions": [
{
"lessThan": "2.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OSS-Fuzz"
}
],
"datePublic": "2023-01-19T15:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThose using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.\u003c/span\u003e\u003cp\u003eThis issue affects htmlunit before 2.70.0.\u003c/p\u003e"
}
],
"value": "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T13:54:52.191Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of service in HtmlUnit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-2798",
"datePublished": "2023-05-25T13:54:52.191Z",
"dateReserved": "2023-05-18T14:33:09.974Z",
"dateUpdated": "2024-08-02T06:33:05.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26119 (GCVE-0-2023-26119)
Vulnerability from cvelistv5 – Published: 2023-04-03 05:00 – Updated: 2024-08-02 11:39
VLAI
Summary
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
Severity
9.8 (Critical)
CWE
- CWE-94 - Remote Code Execution (RCE)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | net.sourceforge.htmlunit:htmlunit |
Affected:
0 , < 3.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b"
},
{
"tags": [
"x_transferred"
],
"url": "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "net.sourceforge.htmlunit:htmlunit",
"vendor": "n/a",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Siebene@"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Remote Code Execution (RCE)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T05:00:02.503Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500"
},
{
"url": "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b"
},
{
"url": "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26119",
"datePublished": "2023-04-03T05:00:02.503Z",
"dateReserved": "2023-02-20T10:28:48.923Z",
"dateUpdated": "2024-08-02T11:39:06.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29546 (GCVE-0-2022-29546)
Vulnerability from cvelistv5 – Published: 2022-04-25 02:54 – Updated: 2024-08-03 06:26
VLAI
Summary
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit-neko/securit… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T02:54:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg",
"refsource": "CONFIRM",
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29546",
"datePublished": "2022-04-25T02:54:59.000Z",
"dateReserved": "2022-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28366 (GCVE-0-2022-28366)
Vulnerability from cvelistv5 – Published: 2022-04-21 22:41 – Updated: 2024-08-03 05:56
VLAI
Summary
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | x_refsource_MISC |
| https://search.maven.org/artifact/net.sourceforge… | x_refsource_MISC |
| https://sourceforge.net/projects/htmlunit/files/h… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:15.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T14:35:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6",
"refsource": "MISC",
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"name": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit",
"refsource": "MISC",
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"name": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/",
"refsource": "MISC",
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28366",
"datePublished": "2022-04-21T22:41:53.000Z",
"dateReserved": "2022-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:56:15.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5529 (GCVE-0-2020-5529)
Vulnerability from cvelistv5 – Published: 2020-02-11 08:35 – Updated: 2024-10-15 18:35
VLAI
Summary
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote code execution
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit/releases/tag… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN34535327/ | third-party-advisoryx_refsource_JVN |
| https://lists.apache.org/thread.html/ra2cd7f8e61d… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/4584-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HtmlUnit Project | HtmlUnit |
Affected:
prior to 2.37.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4584-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-5529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:12.338645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:35:29.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HtmlUnit",
"vendor": "HtmlUnit Project",
"versions": [
{
"status": "affected",
"version": "prior to 2.37.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T23:06:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4584-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HtmlUnit",
"version": {
"version_data": [
{
"version_value": "prior to 2.37.0"
}
]
}
}
]
},
"vendor_name": "HtmlUnit Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0",
"refsource": "CONFIRM",
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"name": "https://jvn.jp/en/jp/JVN34535327/",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4584-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5529",
"datePublished": "2020-02-11T08:35:12.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-10-15T18:35:29.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49093 (GCVE-0-2023-49093)
Vulnerability from nvd – Published: 2023-12-04 04:47 – Updated: 2024-10-10 20:14
VLAI
Title
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit/security/adv… | x_refsource_CONFIRM |
| https://www.htmlunit.org/changes-report.html#a3.9.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"
},
{
"name": "https://www.htmlunit.org/changes-report.html#a3.9.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htmlunit.org/changes-report.html#a3.9.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:13:51.286875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:14:07.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "htmlunit",
"vendor": "HtmlUnit",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T04:47:27.145Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"
},
{
"name": "https://www.htmlunit.org/changes-report.html#a3.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htmlunit.org/changes-report.html#a3.9.0"
}
],
"source": {
"advisory": "GHSA-37vq-hr2f-g7h7",
"discovery": "UNKNOWN"
},
"title": "HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49093",
"datePublished": "2023-12-04T04:47:27.145Z",
"dateReserved": "2023-11-21T18:57:30.429Z",
"dateUpdated": "2024-10-10T20:14:07.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2798 (GCVE-0-2023-2798)
Vulnerability from nvd – Published: 2023-05-25 13:54 – Updated: 2024-08-02 06:33
VLAI
Title
Denial of service in HtmlUnit
Summary
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Date Public
2023-01-19 15:41
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/HtmlUnit/",
"defaultStatus": "unaffected",
"packageName": "htmlunit",
"repo": "https://github.com/HtmlUnit/htmlunit",
"versions": [
{
"lessThan": "2.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OSS-Fuzz"
}
],
"datePublic": "2023-01-19T15:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThose using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.\u003c/span\u003e\u003cp\u003eThis issue affects htmlunit before 2.70.0.\u003c/p\u003e"
}
],
"value": "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T13:54:52.191Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of service in HtmlUnit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-2798",
"datePublished": "2023-05-25T13:54:52.191Z",
"dateReserved": "2023-05-18T14:33:09.974Z",
"dateUpdated": "2024-08-02T06:33:05.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26119 (GCVE-0-2023-26119)
Vulnerability from nvd – Published: 2023-04-03 05:00 – Updated: 2024-08-02 11:39
VLAI
Summary
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
Severity
9.8 (Critical)
CWE
- CWE-94 - Remote Code Execution (RCE)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | net.sourceforge.htmlunit:htmlunit |
Affected:
0 , < 3.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b"
},
{
"tags": [
"x_transferred"
],
"url": "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "net.sourceforge.htmlunit:htmlunit",
"vendor": "n/a",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Siebene@"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Remote Code Execution (RCE)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T05:00:02.503Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500"
},
{
"url": "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b"
},
{
"url": "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26119",
"datePublished": "2023-04-03T05:00:02.503Z",
"dateReserved": "2023-02-20T10:28:48.923Z",
"dateUpdated": "2024-08-02T11:39:06.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29546 (GCVE-0-2022-29546)
Vulnerability from nvd – Published: 2022-04-25 02:54 – Updated: 2024-08-03 06:26
VLAI
Summary
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit-neko/securit… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T02:54:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg",
"refsource": "CONFIRM",
"url": "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29546",
"datePublished": "2022-04-25T02:54:59.000Z",
"dateReserved": "2022-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28366 (GCVE-0-2022-28366)
Vulnerability from nvd – Published: 2022-04-21 22:41 – Updated: 2024-08-03 05:56
VLAI
Summary
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | x_refsource_MISC |
| https://search.maven.org/artifact/net.sourceforge… | x_refsource_MISC |
| https://sourceforge.net/projects/htmlunit/files/h… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:15.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T14:35:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6",
"refsource": "MISC",
"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.6"
},
{
"name": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit",
"refsource": "MISC",
"url": "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit"
},
{
"name": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/",
"refsource": "MISC",
"url": "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28366",
"datePublished": "2022-04-21T22:41:53.000Z",
"dateReserved": "2022-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:56:15.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5529 (GCVE-0-2020-5529)
Vulnerability from nvd – Published: 2020-02-11 08:35 – Updated: 2024-10-15 18:35
VLAI
Summary
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote code execution
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/HtmlUnit/htmlunit/releases/tag… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN34535327/ | third-party-advisoryx_refsource_JVN |
| https://lists.apache.org/thread.html/ra2cd7f8e61d… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/4584-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HtmlUnit Project | HtmlUnit |
Affected:
prior to 2.37.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4584-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-5529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:12.338645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:35:29.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HtmlUnit",
"vendor": "HtmlUnit Project",
"versions": [
{
"status": "affected",
"version": "prior to 2.37.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T23:06:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4584-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HtmlUnit",
"version": {
"version_data": [
{
"version_value": "prior to 2.37.0"
}
]
}
}
]
},
"vendor_name": "HtmlUnit Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0",
"refsource": "CONFIRM",
"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
},
{
"name": "https://jvn.jp/en/jp/JVN34535327/",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN34535327/"
},
{
"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"
},
{
"name": "USN-4584-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4584-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5529",
"datePublished": "2020-02-11T08:35:12.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-10-15T18:35:29.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2020-000011
Vulnerability from jvndb - Published: 2020-02-10 12:30 - Updated:2020-02-10 12:30
Severity
Summary
HtmlUnit vulenerable to arbitrary code execution
Details
HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine.
Mozilla Rhino engine offers a feature to make Java objects available from JavaScript.
HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application(CWE-284).
Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
ICHIHARA Ryohei of DMM.com LLC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000011.html",
"dc:date": "2020-02-10T12:30+09:00",
"dcterms:issued": "2020-02-10T12:30+09:00",
"dcterms:modified": "2020-02-10T12:30+09:00",
"description": "HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine.\r\nMozilla Rhino engine offers a feature to make Java objects available from JavaScript.\r\nHtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application(CWE-284).\r\nMoreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.\r\n\r\nICHIHARA Ryohei of DMM.com LLC reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000011.html",
"sec:cpe": {
"#text": "cpe:/a:htmlunit_project:htmlunit",
"@product": "HtmlUnit",
"@vendor": "HtmlUnit",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN34535327/index.html",
"@id": "JVN#34535327",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5529",
"@id": "CVE-2020-5529",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5529",
"@id": "CVE-2020-5529",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "HtmlUnit vulenerable to arbitrary code execution"
}