Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
References
Link | Resource |
---|---|
https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b | Patch |
https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500 | Third Party Advisory |
https://siebene.github.io/2022/12/30/HtmlUnit-RCE/ | Exploit Third Party Advisory |
Configurations
History
07 Dec 2023, 17:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:* | |
First Time |
Htmlunit htmlunit
Htmlunit |
08 Apr 2023, 02:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Htmlunit Project htmlunit
Htmlunit Project |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:htmlunit_project:htmlunit:*:*:*:*:*:*:*:* | |
References | (MISC) https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500 - Third Party Advisory | |
References | (MISC) https://siebene.github.io/2022/12/30/HtmlUnit-RCE/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b - Patch |
03 Apr 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-03 05:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26119
Mitre link : CVE-2023-26119
CVE.ORG link : CVE-2023-26119
JSON object : View
Products Affected
htmlunit
- htmlunit
CWE