Vulnerabilites related to HtmlUnit - htmlunit
cve-2020-5529
Vulnerability from cvelistv5
Published
2020-02-11 08:35
Modified
2024-10-15 18:35
Severity ?
EPSS score ?
Summary
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN34535327/ | third-party-advisory, x_refsource_JVN | |
| https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4584-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HtmlUnit Project | HtmlUnit |
Version: prior to 2.37.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:30:24.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", }, { tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN34535327/", }, { name: "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", }, { name: "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", }, { name: "USN-4584-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4584-1/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-5529", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:16:12.338645Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T18:35:29.255Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "HtmlUnit", vendor: "HtmlUnit Project", versions: [ { status: "affected", version: "prior to 2.37.0", }, ], }, ], descriptions: [ { lang: "en", value: "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T23:06:14", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", }, { tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "https://jvn.jp/en/jp/JVN34535327/", }, { name: "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", }, { name: "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", }, { name: "USN-4584-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4584-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2020-5529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "HtmlUnit", version: { version_data: [ { version_value: "prior to 2.37.0", }, ], }, }, ], }, vendor_name: "HtmlUnit Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote code execution", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", refsource: "CONFIRM", url: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", }, { name: "https://jvn.jp/en/jp/JVN34535327/", refsource: "JVN", url: "https://jvn.jp/en/jp/JVN34535327/", }, { name: "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E", }, { name: "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", }, { name: "USN-4584-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4584-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2020-5529", datePublished: "2020-02-11T08:35:12", dateReserved: "2020-01-06T00:00:00", dateUpdated: "2024-10-15T18:35:29.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29546
Vulnerability from cvelistv5
Published
2022-04-25 02:54
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-25T02:54:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-29546", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", refsource: "CONFIRM", url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29546", datePublished: "2022-04-25T02:54:59", dateReserved: "2022-04-21T00:00:00", dateUpdated: "2024-08-03T06:26:06.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28366
Vulnerability from cvelistv5
Published
2022-04-21 22:41
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | x_refsource_MISC | |
| https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit | x_refsource_MISC | |
| https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:15.220Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-26T14:35:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28366", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", refsource: "MISC", url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { name: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", refsource: "MISC", url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { name: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", refsource: "MISC", url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28366", datePublished: "2022-04-21T22:41:53", dateReserved: "2022-04-03T00:00:00", dateUpdated: "2024-08-03T05:56:15.220Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49093
Vulnerability from cvelistv5
Published
2023-12-04 04:47
Modified
2024-10-10 20:14
Severity ?
EPSS score ?
Summary
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7 | x_refsource_CONFIRM | |
| https://www.htmlunit.org/changes-report.html#a3.9.0 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:46:28.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", }, { name: "https://www.htmlunit.org/changes-report.html#a3.9.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.htmlunit.org/changes-report.html#a3.9.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-49093", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T20:13:51.286875Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T20:14:07.250Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "htmlunit", vendor: "HtmlUnit", versions: [ { status: "affected", version: "< 3.9.0", }, ], }, ], descriptions: [ { lang: "en", value: "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94: Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T04:47:27.145Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", }, { name: "https://www.htmlunit.org/changes-report.html#a3.9.0", tags: [ "x_refsource_MISC", ], url: "https://www.htmlunit.org/changes-report.html#a3.9.0", }, ], source: { advisory: "GHSA-37vq-hr2f-g7h7", discovery: "UNKNOWN", }, title: "HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-49093", datePublished: "2023-12-04T04:47:27.145Z", dateReserved: "2023-11-21T18:57:30.429Z", dateUpdated: "2024-10-10T20:14:07.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26119
Vulnerability from cvelistv5
Published
2023-04-03 05:00
Modified
2024-08-02 11:39
Severity ?
EPSS score ?
Summary
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | net.sourceforge.htmlunit:htmlunit |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:39:06.613Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500", }, { tags: [ "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b", }, { tags: [ "x_transferred", ], url: "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "net.sourceforge.htmlunit:htmlunit", vendor: "n/a", versions: [ { lessThan: "3.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Siebene@", }, ], descriptions: [ { lang: "en", value: "Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "Remote Code Execution (RCE)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-03T05:00:02.503Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500", }, { url: "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b", }, { url: "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2023-26119", datePublished: "2023-04-03T05:00:02.503Z", dateReserved: "2023-02-20T10:28:48.923Z", dateUpdated: "2024-08-02T11:39:06.613Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2798
Vulnerability from cvelistv5
Published
2023-05-25 13:54
Modified
2024-08-02 06:33
Severity ?
EPSS score ?
Summary
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:33:05.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/HtmlUnit/", defaultStatus: "unaffected", packageName: "htmlunit", repo: "https://github.com/HtmlUnit/htmlunit", versions: [ { lessThan: "2.70.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "tool", user: "00000000-0000-4000-9000-000000000000", value: "OSS-Fuzz", }, ], datePublic: "2023-01-19T15:41:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.</span><p>This issue affects htmlunit before 2.70.0.</p>", }, ], value: "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n", }, ], impacts: [ { capecId: "CAPEC-469", descriptions: [ { lang: "en", value: "CAPEC-469 HTTP DoS", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-25T13:54:52.191Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd", }, { url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613", }, ], source: { discovery: "UNKNOWN", }, title: "Denial of service in HtmlUnit", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-2798", datePublished: "2023-05-25T13:54:52.191Z", dateReserved: "2023-05-18T14:33:09.974Z", dateUpdated: "2024-08-02T06:33:05.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
jvndb-2020-000011
Vulnerability from jvndb
Published
2020-02-10 12:30
Modified
2020-02-10 12:30
Severity ?
Summary
HtmlUnit vulenerable to arbitrary code execution
Details
HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine.
Mozilla Rhino engine offers a feature to make Java objects available from JavaScript.
HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application(CWE-284).
Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
ICHIHARA Ryohei of DMM.com LLC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000011.html", "dc:date": "2020-02-10T12:30+09:00", "dcterms:issued": "2020-02-10T12:30+09:00", "dcterms:modified": "2020-02-10T12:30+09:00", description: "HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine.\r\nMozilla Rhino engine offers a feature to make Java objects available from JavaScript.\r\nHtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application(CWE-284).\r\nMoreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.\r\n\r\nICHIHARA Ryohei of DMM.com LLC reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", link: "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000011.html", "sec:cpe": { "#text": "cpe:/a:htmlunit_project:htmlunit", "@product": "HtmlUnit", "@vendor": "HtmlUnit", "@version": "2.2", }, "sec:cvss": [ { "@score": "5.1", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "@version": "2.0", }, { "@score": "5.6", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2020-000011", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN34535327/index.html", "@id": "JVN#34535327", "@source": "JVN", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5529", "@id": "CVE-2020-5529", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5529", "@id": "CVE-2020-5529", "@source": "NVD", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)", }, ], title: "HtmlUnit vulenerable to arbitrary code execution", }
Vulnerability from fkie_nvd
Published
2023-05-25 14:15
Modified
2024-11-21 07:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "4C8AEB42-E6DB-4218-84F7-6C061E486001", versionEndExcluding: "2.70.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n", }, ], id: "CVE-2023-2798", lastModified: "2024-11-21T07:59:18.673", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-25T14:15:10.320", references: [ { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613", }, { source: "cve-coordination@google.com", tags: [ "Patch", ], url: "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-21 23:15
Modified
2024-11-21 06:57
Severity ?
Summary
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nahsra/antisamy/releases/tag/v1.6.6 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/ | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cyberneko_html_project | cyberneko_html | * | |
| htmlunit | htmlunit | * | |
| antisamy_project | antisamy | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cyberneko_html_project:cyberneko_html:*:*:*:*:*:*:*:*", matchCriteriaId: "1BAE07BC-C0A2-4838-BC9D-53A085455409", versionEndIncluding: "1.9.22", vulnerable: true, }, { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "6D173170-3E08-4973-9975-6B0863ACB008", versionEndExcluding: "2.27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*", matchCriteriaId: "5A45C3A9-2368-4E15-83BC-DEE9004FA9B7", versionEndExcluding: "1.6.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.", }, { lang: "es", value: "Algunos analizadores de HTML relacionados con Neko permiten una denegación de servicio a través de una entrada de instrucción de procesamiento (PI) manipulada que provoca un consumo excesivo de memoria de la pila. En particular, este problema existe en HtmlUnit-Neko hasta la versión 2.26, y se ha corregido en la 2.27. Este problema también existe en CyberNeko HTML hasta la versión 1.9.22 (también afecta a OWASP AntiSamy antes de la 1.6.6), pero la 1.9.22 es la última versión de CyberNeko HTML. NOTA: esto puede estar relacionado con CVE-2022-24839", }, ], id: "CVE-2022-28366", lastModified: "2024-11-21T06:57:13.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-21T23:15:10.383", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/nahsra/antisamy/releases/tag/v1.6.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://search.maven.org/artifact/net.sourceforge.htmlunit/neko-htmlunit", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://sourceforge.net/projects/htmlunit/files/htmlunit/2.27/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-25 03:15
Modified
2024-11-21 06:59
Severity ?
Summary
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "0926A91D-391E-4BAF-A505-6063540F3531", versionEndExcluding: "2.61.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.", }, { lang: "es", value: "HtmlUnit NekoHtml Parser versiones anteriores a 2.61.0 sufre una vulnerabilidad de denegación de servicio. La entrada diseñada asociada al análisis de datos de instrucciones de procesamiento (PI) conlleva a un consumo de memoria de la pila. Esto es similar a CVE-2022-28366 pero afecta a una versión mucho más reciente del producto", }, ], id: "CVE-2022-29546", lastModified: "2024-11-21T06:59:17.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-25T03:15:07.840", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 05:15
Modified
2024-11-21 08:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "45B7FEC9-75EF-47FE-8A49-5FBA5E54A823", versionEndExcluding: "3.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0", }, { lang: "es", value: "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecución remota de código (RCE) a través de XSTL, al navegar por la página web del atacante. Esta vulnerabilidad ha sido parcheada en la versión 3.9.0.", }, ], id: "CVE-2023-49093", lastModified: "2024-11-21T08:32:48.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T05:15:07.430", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://www.htmlunit.org/changes-report.html#a3.9.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.htmlunit.org/changes-report.html#a3.9.0", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-11 12:15
Modified
2024-11-21 05:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| htmlunit | htmlunit | * | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 16.04 | |
| apache | camel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "BAC2C61D-D942-4FFE-A5DF-2AC6988CA665", versionEndExcluding: "2.37.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*", matchCriteriaId: "D7F3BF7D-C547-4FBE-908C-BCB5D83BEDA9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.", }, { lang: "es", value: "HtmlUnit anterior a 2.37.0, contiene vulnerabilidades de ejecución de código. HtmlUnit inicializa el motor Rhino inapropiadamente, por lo tanto, un código JavScript malicioso puede ejecutar código Java arbitrario en la aplicación. Adicionalmente, cuando se inserta en la aplicación de Android, la inicialización del motor Rhino específica de Android se lleva a cabo de manera inapropiada, por lo tanto, un código JavaScript malicioso puede ejecutar código Java arbitrario sobre la aplicación.", }, ], id: "CVE-2020-5529", lastModified: "2024-11-21T05:34:13.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-02-11T12:15:21.210", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN34535327/", }, { source: "vultures@jpcert.or.jp", url: "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", }, { source: "vultures@jpcert.or.jp", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4584-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN34535327/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4584-1/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-665", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-03 05:15
Modified
2024-11-21 07:50
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", matchCriteriaId: "475E13C7-9C7F-4396-806D-56BF2B3330A1", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.", }, ], id: "CVE-2023-26119", lastModified: "2024-11-21T07:50:48.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "report@snyk.io", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-03T05:15:07.863", references: [ { source: "report@snyk.io", tags: [ "Patch", ], url: "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b", }, { source: "report@snyk.io", tags: [ "Third Party Advisory", ], url: "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500", }, { source: "report@snyk.io", tags: [ "Exploit", "Third Party Advisory", ], url: "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://siebene.github.io/2022/12/30/HtmlUnit-RCE/", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "report@snyk.io", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }