htmlunit is vulnerable to arbitrary code execution. The application does not restrict the Rhino JavaScript engine's access to Java resources such as Java methods. This allows an attacker to execute arbitrary Java code on the system using malicious JavaScript code.
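The underlying behaviour can be checked with a small harness. This is an added example, not code from HtmlUnit or its fix: it assumes the stock Mozilla Rhino library (`org.mozilla:rhino`) rather than HtmlUnit's bundled engine, and the class name, probe script and source name are constructed for illustration. It evaluates the same harmless script in a scope that exposes Java classes and in one that does not.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

public class RhinoJavaAccessDemo {
    // Constructed probe: a harmless read that only succeeds if the script
    // can reach Java classes through Rhino's "java" top-level package object.
    static final String PROBE =
        "String(java.lang.System.getProperty('java.version'))";

    // Evaluates PROBE in either the default scope (Java bridge exposed)
    // or the safe scope (no Java bridge) and reports what happened.
    static String run(boolean safeScope) {
        Context cx = Context.enter();
        try {
            // initStandardObjects() installs the Java bridge objects
            // (Packages, java, javax, ...). initSafeStandardObjects() omits them.
            Scriptable scope = safeScope
                ? cx.initSafeStandardObjects()
                : cx.initStandardObjects();
            Object result =
                cx.evaluateString(scope, PROBE, "untrusted-page.js", 1, null);
            return "script reached Java: " + Context.toString(result);
        } catch (RhinoException e) {
            // In the safe scope "java" is undefined, so evaluation fails
            // with a script-level error instead of touching the JVM.
            return "blocked: " + e.getMessage();
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        System.out.println("initStandardObjects     -> " + run(false));
        System.out.println("initSafeStandardObjects -> " + run(true));
    }
}
```

Compile and run it with the Rhino jar on the classpath; any embedder that evaluates untrusted page script in the first kind of scope has the exposure described above.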
jvn.jp/en/jp/JVN34535327/index.html
github.com/HtmlUnit/htmlunit/releases/tag/2.37.0
jvn.jp/en/jp/JVN34535327/
lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E
lists.debian.org/debian-lts-announce/2020/08/msg00023.html
usn.ubuntu.com/4584-1/