Description

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

Remediation

References

https://github.com/HtmlUnit/htmlunit/commit/940dc7fd

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613

Related Vulnerabilities

CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_3

CVE-2020-27216 Vulnerability in maven package jetty:jetty

CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12

CVE-2021-32684 Vulnerability in npm package magento-scripts

CVE-2021-21421 Vulnerability in npm package node-etsy-client

Severity

High

Classification

CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Mailing List