Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0
Related Vulnerabilities
CVE-2022-40664 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http
CVE-2020-5258 Vulnerability in maven package org.webjars.npm:dojo
CVE-2023-50449 Vulnerability in maven package com.jfinal:jfinal
CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify