CVE-2023-49093

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7	Exploit Vendor Advisory
https://www.htmlunit.org/changes-report.html#a3.9.0	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*

History

11 Dec 2023, 19:33

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.8

07 Dec 2023, 17:56

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://www.htmlunit.org/changes-report.html#a3.9.0 -~~	() https://www.htmlunit.org/changes-report.html#a3.9.0 - Release Notes
References	~~() https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7 -~~	() https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7 - Exploit, Vendor Advisory
CPE		cpe:2.3:a:htmlunit:htmlunit::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Htmlunit htmlunit Htmlunit

04 Dec 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-04 05:15

Updated : 2023-12-11 19:33

NVD link : CVE-2023-49093

Mitre link : CVE-2023-49093

CVE.ORG link : CVE-2023-49093

JSON object : View

Products Affected

htmlunit

htmlunit

CWE

NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2023-49093", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-04T05:15:07.430", "references": [{"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.htmlunit.org/changes-report.html#a3.9.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"}, {"lang": "es", "value": "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de XSTL, al navegar por la p\u00e1gina web del atacante. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.9.0."}], "lastModified": "2023-12-11T19:33:53.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B7FEC9-75EF-47FE-8A49-5FBA5E54A823", "versionEndExcluding": "3.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}