Description

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Remediation

References

https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7

https://www.htmlunit.org/changes-report.html#a3.9.0

Related Vulnerabilities

CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui

CVE-2023-28118 Vulnerability in maven package com.charleskorn.kaml:kaml

CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass

CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2023-40336 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory Release Notes NVD-CWE-noinfo