HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, so malicious JavaScript code can execute arbitrary Java code in the application. Moreover, when HtmlUnit is embedded in an Android application, the Android-specific initialization of the Rhino engine is also done improperly, so malicious JavaScript code can execute arbitrary Java code in the application.
[
{
"product": "HtmlUnit",
"vendor": "HtmlUnit Project",
"versions": [
{
"status": "affected",
"version": "prior to 2.37.0"
}
]
}
]