Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing an attacker’s webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0