Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0