Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when it browses an attacker's webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0
Related Vulnerabilities
CVE-2020-28443 Vulnerability in npm package sonar-wrapper
CVE-2021-32822 Vulnerability in npm package hbs
CVE-2018-3722 Vulnerability in npm package merge-deep
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-base
CVE-2019-14862 Vulnerability in maven package org.webjars.bowergithub.knockout:knockout