Description

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Remediation

References

https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7

https://www.htmlunit.org/changes-report.html#a3.9.0

Related Vulnerabilities

CVE-2022-1291 Vulnerability in maven package org.webjars.bowergithub.hhurz:tableexport.jquery.plugin

CVE-2023-39010 Vulnerability in maven package org.boofcv:boofcv-core

CVE-2023-25768 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2023-39154 Vulnerability in maven package com.qualys.plugins:qualys-was

CVE-2017-11429 Vulnerability in npm package saml2-js

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory Release Notes NVD-CWE-noinfo