HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
References
Link | Resource |
---|---|
https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0 | Release Notes Third Party Advisory |
https://jvn.jp/en/jp/JVN34535327/ | Third Party Advisory |
https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E | |
https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/4584-1/ | Third Party Advisory |
Configurations
History
07 Dec 2023, 17:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Htmlunit htmlunit
Htmlunit |
|
CPE | cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:* |
07 Nov 2023, 03:24
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 Dec 2021, 20:14
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4584-1/ - Third Party Advisory | |
CPE | cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
|
First Time |
Debian debian Linux
Debian Canonical ubuntu Linux Apache camel Apache Canonical |
Information
Published : 2020-02-11 12:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-5529
Mitre link : CVE-2020-5529
CVE.ORG link : CVE-2020-5529
JSON object : View
Products Affected
apache
- camel
debian
- debian_linux
canonical
- ubuntu_linux
htmlunit
- htmlunit
CWE
CWE-665
Improper Initialization