Search CVE reports
1 – 4 of 4 results
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
1 affected package
htmlunit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| htmlunit | Not in release | Not in release | Not in release | Needs evaluation |
Those using HtmlUnit to browse untrusted webpages may be vulnerable to denial-of-service (DoS) attacks. If HtmlUnit is running on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack...
2 affected packages
htmlunit, jenkins-htmlunit-core-js
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| htmlunit | Not in release | Not in release | Not in release | Needs evaluation |
| jenkins-htmlunit-core-js | Not in release | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 1 of 2
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, so malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded...
1 affected package
htmlunit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| htmlunit | Not in release | Not in release | Not in release | Needs evaluation |
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
3 affected packages
htmlunit, icinga-web, libjs-extjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| htmlunit | — | — | — | Not affected |
| icinga-web | — | — | — | Not in release |
| libjs-extjs | — | — | — | Not affected |