29 matches found
UBUNTU-CVE-2025-66453
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
CVE-2025-66453
CVE-2025-66453 concerns the Rhino JavaScript engine. The vulnerability occurs when an application passes an attacker-controlled float poing number into the toFixed() function, which can cause high CPU usage and potentially lead to a Denial of Service. Affected versions are prior to 1.8.1, 1.7.15....
EUVD-2025-201013
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
Allocation of Resources Without Limits or Throttling
Overview org.mozilla:rhino is a Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttlin...
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
When an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...
GHSA-3W8Q-XQ97-5J7X Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
When an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...
EUVD-2020-0412
Malware in sbrugna...
EUVD-2025-1953
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-5529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute...
CVE-2025-0982
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript...
CVE-2025-0982
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript...
CVE-2025-0982
CVE-2025-0982 : Sandbox escape in Google Cloud Application Integration’s JavaScript Task (Rhino engine). The exploit would require crafted JavaScript code run by Rhino. Effective January 24, 2025, Rhino is no longer supported by Application Integration, and no further fix actions are needed. The ...
CVE-2025-0982 Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript...
PT-2025-5810 · Google · Google Cloud Application Integration
Name of the Vulnerable Software and Affected Versions: Google Cloud Application Integration affected versions not specified Description: A sandbox escape issue in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
Updated htmlunit packages fix security vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code CVE-2020-5529...
USN-4584-1 htmlunit vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code...
USN-4584-1: HtmlUnit vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code...
GHSA-5MH9-R3RR-9597 Code execution vulnerability in HtmlUnit
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
Code execution vulnerability in HtmlUnit
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...