Ubuntu CVE (ubuntu.com), UB:CVE-2021-37714
History: Aug 18, 2021 - 12:00 a.m.

CVE-2021-37714

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.006 Low
Percentile: 79.0%

jsoup is a Java library for working with HTML. Those using jsoup versions
prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS
attacks. If the parser is run on user-supplied input, an attacker may
supply content that causes the parser to get stuck (loop indefinitely until
cancelled), to complete more slowly than usual, or to throw an unexpected
exception. This effect may support a denial-of-service attack. The issue is
patched in version 1.14.2. There are a few available workarounds. Users may
rate limit input parsing, limit the size of inputs based on system
resources, and/or implement thread watchdogs to cap and time out parse
runtimes.
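
The workarounds listed above (input size limit, bounded parse concurrency, thread watchdog) can be combined in one wrapper, shown here as an added example that is not code from the advisory or from the jsoup project. The class name BoundedHtmlParser and the three limit values are assumptions; the only jsoup call used is Jsoup.parse(String).

```java
import java.util.concurrent.*;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

public class BoundedHtmlParser {
    // Assumed limits (not from the advisory); size them to system resources.
    private static final int MAX_INPUT_CHARS = 1_000_000;
    private static final long PARSE_TIMEOUT_MS = 2_000;
    private static final int MAX_CONCURRENT_PARSES = 4;

    // Daemon workers: a parse that never returns cannot keep the JVM alive.
    private static final ExecutorService POOL =
        Executors.newCachedThreadPool(r -> {
            Thread t = new Thread(r, "html-parse");
            t.setDaemon(true);
            return t;
        });

    // A stuck worker keeps its slot, so the service sheds load instead of
    // spawning ever more threads that spin on hostile input.
    private static final Semaphore SLOTS = new Semaphore(MAX_CONCURRENT_PARSES);

    public static Document parseUntrusted(String html)
            throws TimeoutException, InterruptedException {
        if (html.length() > MAX_INPUT_CHARS)
            throw new IllegalArgumentException("input exceeds size limit");
        if (!SLOTS.tryAcquire())
            throw new RejectedExecutionException("parser at capacity");

        Future<Document> parse = POOL.submit(() -> {
            try {
                return Jsoup.parse(html);
            } finally {
                SLOTS.release();
            }
        });
        try {
            // Watchdog: the caller waits at most PARSE_TIMEOUT_MS.
            return parse.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // Interruption is cooperative in Java: a loop that never checks
            // the interrupt flag keeps running, which is why the slot cap matters.
            parse.cancel(true);
            throw e;
        } catch (ExecutionException e) {
            // Unexpected parser exceptions become an ordinary bad-input error.
            throw new IllegalArgumentException("input could not be parsed", e.getCause());
        }
    }
}
```

The wrapper bounds how long a caller waits and how many threads can be tied up; the stuck-parse behaviour itself goes away only with the patched version, 1.14.2.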
