Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when it browses the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0
Related Vulnerabilities
CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.12
CVE-2023-27987 Vulnerability in maven package org.apache.linkis:linkis-dist
CVE-2020-24855 Vulnerability in npm package @easy-team/easywebpack-cli