Description
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker's webpage. This vulnerability has been patched in version 3.9.0.
Remediation
References
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
https://www.htmlunit.org/changes-report.html#a3.9.0