124 matches found
PT-2023-21466 · Htmlunit · Htmlunit
Name of the Vulnerable Software and Affected Versions: htmlunit versions prior to 2.70.0. Description: The issue allows an attacker to cause a denial of service attack by supplying content that causes htmlunit to crash due to a stack overflow when running on user-supplied web pages. This can happe...
HtmlUnit Buffer Error Vulnerability
HtmlUnit is an open source Java page analysis tool; once it has read a page, you can effectively use HtmlUnit to analyze the content on the page. A security vulnerability exists in HtmlUnit versions prior to 2.70.0, which stems from the possibility of a Denial of Service (DoS) attack when browsing untrust...
Remote Code Execution (RCE)
net.sourceforge.htmlunit:htmlunit is vulnerable to Remote Code Execution (RCE). The vulnerability exists in the transform function in XSLTProcessor.java, which allows an attacker to upload and execute malicious code on the system...
CVE-2023-26119
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage...
CVE-2023-26119
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage...
Remote code execution
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage...
CVE-2023-26119
CVE-2023-26119 affects net.sourceforge.htmlunit:htmlunit. Versions 0 through 2.x (i.e., before 3.0.0) are vulnerable to remote code execution via an XSTL/code injection flaw when loading the attacker’s page. The issue enables an attacker to run arbitrary code on the affected host. Remote exploita...
HtmlUnit Security Vulnerability
HtmlUnit is an open source Java page analysis tool; once it has read a page, you can effectively use HtmlUnit to analyze the content on the page. HtmlUnit versions before 3.0.0 have a security vulnerability. Attackers can use the vulnerability to remotely execute code...
PT-2023-6900
Name of the Vulnerable Software and Affected Versions: net.sourceforge.htmlunit:htmlunit versions 0 through 3.0.0. Description: The issue is related to incorrect code generation management in the HtmlUnit browser, which can be exploited to execute arbitrary code remotely via XSTL when browsing an...
SUSE CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
ai.preferred:venom (>=4.0.1 <=4.2.7), at.ganzleicht.vaadin:vaadin-client-compiler (>=9.1.1 <=9.1.3) +2097 more potentially affected by CVE-2023-26119 via net.sourceforge.htmlunit:htmlunit (>=1.14 <=2.9)
net.sourceforge.htmlunit:htmlunit MAVEN version =1.14, =4.0.1, =9.1.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =1, =2.0, =0.9.6, =0.9.6, =0.1.1, =0.5.0, =0.11.1, =0.30.0 and more Source cves: CVE-2023-26119 Source advisory: SNYK:JAVA-NETSOURCEFORGEHTMLUNIT-3252500...
Remote Code Execution (RCE)
Overview: net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Note: Users are advised to upgrade to org.htmlunit:htmlunit component v3.0.0 as it...
ai.preferred:venom (>=4.1.3 <=4.2.7), at.ganzleicht.vaadin:vaadin-client-compiler (=9.1.3) +1063 more potentially affected by CVE-2022-29546 via net.sourceforge.htmlunit:neko-htmlunit (>=2.21 <=2.60.0)
net.sourceforge.htmlunit:neko-htmlunit MAVEN version =2.21, =4.1.3, =1.0.0, =1.0.0, =1.0.0, =1, =2.0, =0.9.6, =0.9.6, =0.0.10, =0.14, =5.4.0, =5.4.0, =6.1.3 and more Source cves: CVE-2022-29546 Source advisory: OSV:GHSA-6JMM-MP6W-4RRG...
Denial Of Service (DoS)
neko-htmlunit is vulnerable to denial of service. An attacker can crash the application through an out-of-memory exception in the scanPI function of HTMLScanner.java by providing a specially crafted processing instruction...
CVE-2022-29546
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-29546
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-29546
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
Design/Logic Flaw
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-29546
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-29546
CVE-2022-29546 : HtmlUnit NekoHtml Parser before 2.61.0 has a denial-of-service vulnerability via crafted Processing Instructions that triggers heap memory consumption. The issue is triggered during PI data parsing and is described as similar to CVE-2022-28366 but affecting a much newer version. ...