Description

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Remediation

References

https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7

https://www.htmlunit.org/changes-report.html#a3.9.0

Related Vulnerabilities

CVE-2023-48223 Vulnerability in npm package fast-jwt

CVE-2020-21176 Vulnerability in npm package thinkjs

CVE-2017-3199 Vulnerability in maven package org.graniteds:granite-generator

CVE-2021-23507 Vulnerability in npm package object-path-set

CVE-2023-35152 Vulnerability in maven package org.xwiki.platform:xwiki-platform-like-ui

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory Release Notes NVD-CWE-noinfo