Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0
Related Vulnerabilities
CVE-2012-0393 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2012-5817 Vulnerability in maven package org.codehaus.xfire:xfire-core
CVE-2022-43428 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2021-27516 Vulnerability in maven package org.webjars.npm:urijs
CVE-2023-37913 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-importer