Description

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Remediation

References

https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7

https://www.htmlunit.org/changes-report.html#a3.9.0

Related Vulnerabilities

CVE-2023-25571 Vulnerability in npm package @backstage/catalog-model

CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog

CVE-2022-0748 Vulnerability in npm package post-loader

CVE-2012-5785 Vulnerability in maven package org.apache.axis2:axis2

CVE-2020-28451 Vulnerability in npm package image-tiler

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory Release Notes NVD-CWE-noinfo