Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker's webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0
Related Vulnerabilities
CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui
CVE-2023-28118 Vulnerability in maven package com.charleskorn.kaml:kaml
CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass
CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2023-40336 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder